Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lovable.dev/llms.txt

Use this file to discover all available pages before exploring further.

Two-factor authentication (2FA) adds an extra layer of security to your Lovable account by requiring a one-time code when you sign in, in addition to your usual sign-in method. Even if someone learns your password, or compromises your Google, GitHub, Apple, or SSO sign-in, they still can’t get into your account without the code from your second factor. We strongly recommend turning on 2FA for every Lovable account, especially if you belong to a workspace with shared projects or billing.

Before you start

  • 2FA is configured per account, not per workspace. When enabled, it applies every time you sign in to Lovable.
  • For security, Lovable will ask you to re-authenticate if you haven’t signed in recently (within the last few minutes) before letting you change 2FA settings.
  • 2FA is independent of your sign-in method. You can use 2FA whether you sign in with email/password, Google, GitHub, Apple, or SSO.

Set up 2FA

To enable 2FA:
  1. Go to Settings → Your account and enable Two-factor authentication.
  2. Choose and set up a verification method by following the on-screen instructions:
    • Authenticator app (recommended)
      Use an app such as Google Authenticator, Microsoft Authenticator, Authy, or 1Password to generate time-based one-time codes.
    • Phone (SMS)
      Receive 6-digit verification codes by text message.
  3. Click Verify & Enable.
The method now appears in your Two-factor authentication list and is required at every future sign-in.

Signing in with 2FA

When you sign in with 2FA enabled:
  1. Complete your usual sign-in method (email/password, Google, GitHub, Apple, or SSO).
  2. If you have more than one 2FA method, choose which one to use.
  3. Enter the 6-digit code from your authenticator app or SMS.
You’ll be prompted for 2FA on every new sign-in. Existing sessions on devices where you’ve already signed in stay valid until they expire or you sign out.

Managing 2FA

You can change your 2FA setup at any time from Settings → Your account → Two-factor authentication:
  • You can add, remove, or replace 2FA methods.
  • We recommend keeping at least two methods configured to avoid getting locked out. If you lose access to one, for example because your phone was replaced, app uninstalled, or SIM swapped, the other lets you sign in and recover.

Lost access to your 2FA method

If you can’t access your authenticator app or phone:
  • Try your other enrolled method first. This is why we recommend keeping at least two methods.
  • Still locked out? Contact Lovable Support with proof of account ownership (the email on the account, recent project IDs, billing details) and we’ll help you regain access.