Buttondown offers multi-factor authentication (often referred to as MFA) to protect your account against common threats such as phishing, brute force attacks, and password theft that may be made by malicious actors.

If you're not familiar with MFA, you can read this article to learn more about it. At a high level, it means adding an additional piece of evidence when logging in to prove who you say you are. (Ever had to type in a six-digit code sent to your phone after putting in your username and password? That's MFA!)

To register an authentication token and enroll your account in MFA, head over to the Security settings page.

You should see a table containing multi-factor authentication tokens:

` Please note that at this time, Buttondown only supports third-party authenticator apps such as Google Authenticator and not physical security keys or SMS. (If you feel strongly about this, please add a comment with your particular use case on this Github issue.)