ArchiveExpo SnackDiscord and ForumsNewsletter

Two-factor authentication

Edit this page

Learn about how you leverage two-factor authentication (2FA) to secure your Expo account.

Two-factor authentication provides an extra layer of security when logging in to expo.dev, the Expo Go app, and command line tools. With two-factor authentication enabled, you will need to provide a short-lived code in addition to your username and password to access your account.

Enable two-factor authentication (2FA)

You can enable two-factor authentication from your personal account settings.

Two-factor authentication methods

You can receive 2FA codes through an authenticator app.

Authenticator apps

Expo accepts any authenticator app that supports Time-based One-time Passwords (TOTP) including:

  • Last Pass Authenticator
  • Authy
  • 1Password
  • Google Authenticator
  • Microsoft Authenticator

Expo will provide a QR code to scan with your authenticator app during setup. The app will provide a confirmation code to enter on Expo. Enter the code to finish activating 2FA via your authenticator app.

SMS messages

Deprecated: SMS is no longer supported for newly-added two-factor authentication methods. Existing SMS two-factor authentication methods will continue to work, though we suggest switching to an authenticator app as it provides better security.

Provide a mobile phone number to receive a short-lived token via SMS. Codes received via SMS will be valid for at least 10 minutes, so you may receive the same code multiple times within this window. If you set an SMS device as your default 2FA method, you will be sent a verification code automatically whenever you take an action that requires a 2FA code.

Recovery codes

When you set up two-factor authentication for your account, you'll receive a set of recovery codes. These codes can be used instead of a one-time password if you lose access to your authenticator app or SMS device. Keep in mind that each recovery code is only valid for one use.

If you selected the option to download your recovery codes at the time they were created, you can locate them in a file labeled as expo-recovery-codes.txt.

Store your recovery codes in a secure and memorable place to ensure you, and only you can access your account!

Change your two-factor settings

You can make changes to your two-factor settings from your personal account settings. You can:

  • add or remove authentication methods
  • set your default method
  • regenerate your recovery codes
  • disable two-factor authentication for your account

You will need to provide a one-time password to make any changes to your 2FA settings.

Recover your account

Recovery codes

When you set up your account to use 2FA, Expo provides you with a list of recovery codes. In the event you lose your device(s), a recovery code may be used in place of a one-time password. Each of these codes may only be used once. You may regenerate your recovery codes, which will invalidate any existing codes, from your personal account settings.

Secondary 2FA methods

By setting up multiple authentication methods associated with different physical devices, you can ensure you will not lose access to your account in the event a device is reset or lost.

Manual recovery

If you cannot access your account through any of the supplied methods, you may email Expo support from the email associated with your account. Unfortunately, we cannot guarantee we will be able to restore your access to your account in this scenario.