Multi-Factor Email Authentication (MFA)
Overview
Cloudflare uses a Multi-Factor Email Authentication (MFA) method for increased account security. MFA prevents customer account takeovers when attackers gain unauthorized access to an account due to an exposed or easily guessed password.
Cloudflare will challenge any login attempt if the user provides the correct credentials from an unrecognized IP address.
Cloudflare challenges the login by sending a one-time code that expires in 30 minutes to the email that we have on file for the account. Once the correct code is provided through the dashboard, your IP will be recorded and further login attempts from that IP address will not be challenged for 90 days.
By selecting Remember this computer, your device or browser will not receive MFA challenges for up to 14 days. After 14 days, Cloudflare will begin checking the IP address again for login attempts from that device/browser.
Troubleshoot MFA
Cloudflare emails are sometimes flagged as spam by the recipient’s email service. If you are expecting an authentication token, you should check the spam folder for any Cloudflare emails and configure a filter to allow Cloudflare emails from no-reply@notify.cloudflare.com_._
Other times, emails are rejected by the recipient email service. Cloudflare will try again it will flag your email address after several attempts and no further emails will be sent.
If you still do not receive an email after ensuring your email service is not flagging Cloudflare, contact Cloudflare Support.