Kinsta now requires two-factor authentication (2FA) for access to the MyKinsta dashboard.

While 2FA using authenticator applications like Google Authenticator and Authy has been an option in MyKinsta for some time, the move to make this extra step mandatory reflects the proven security enhancements provided by combining multiple authentication methods.

The change also highlights the fact that customers’ MyKinsta dashboards are the first line of defence for the properties they host here — something hackers would love to exploit.

How 2FA works in MyKinsta

If you have already enabled 2FA using an authenticator app or are using a Git service provider for single sign-on (SSO), there are no changes to your MyKinsta login flow. Otherwise, as the next step after you submit your login credentials (email and password), Kinsta sends a unique code via email to the address associated with your account.

It looks something like this:

A screenshot of the email send to confirm two-factor authentication in MyKinsta.
An example of the email and authentication code customers will receive for 2FA.

After receiving the email, you can flip back to your MyKinsta login to enter your verification code and complete your login by clicking the Verify button:

A screenshot of a MyKinsta login with a 2FA confirmation code being provided.
Verifying your 2FA login in MyKinsta.

Enabling an authenticator application

Receiving an authentication code via email will be the ongoing procedure for your MyKinsta access unless you choose to use Git-provider SSO or an authenticator application, like Google Authenticator, Authy, 2FAS, Duo, Aegis Authenticator, or a password manager with built-in 2FA support like 1Password.

You can enable an authenticator application by clicking on your username in the top right corner of the MyKinsta dashboard and selecting User settings. On the resulting My account page, find the Authenticator app section and click the Enable button:

A screen shot of the My Accounts page in MyKinsta where an authenticator application can be enabled.
Beginning the process to enable an authenticator app for MyKinsta access.

You will be prompted to scan a QR code with your authenticator application. If you have problems scanning the image, you can enter the 16-digit code displayed under the QR code. You can then enter the six-digit code initially displayed by your authenticator application and click the Verify button:

A screenshot showing a QR code used to connect MyKista to an authenticator app for 2FA.
Adding MyKinsta to an authenticator application.

Delaying repeat 2FA authentication

You can reduce the number of times MyKinsta requests authentication by selecting Don’t ask for a code on this device while logging in:

A screenshot of the MyKinsta login dialog with the option to reduce 2FA requests selected.
Asking to delay requests for two-factor authentication.

After logging in with this option enabled, MyKinsta wil wait 30 days before asking for re-authentication on the same device connecting via the same IP address.

MyKinsta 2FA and Git-provider SSO

You may already be using SSO access to MyKinsta supported by the Git service providers GitHub, GitLab, or Bitbucket. If so, your login process will not change, and you will use any 2FA configured for your preferred Git service provider.

If you want to add one of these SSO options, you can do so on the My account page by scrolling to the Connect with Git service section, selecting your provider, and then logging in to that service:

Screenshot of the area on the My Account page in MyKista were SSO using a Git service provider is enabled.
Choosing a Git service for SSO.

Kinsta: Focused on security

At Kinsta, we’re dedicated to protecting customer websites and their data. Our ISO 27001-certified and SOC 2-compliant information security procedures reflect our investment in earning customer trust. It’s also evident in our free tools to safeguard websites with firewalling, DDoS protection, and wildcard SSL.

Visit Kinsta’s Trust Center for information on the company’s ongoing security-protection efforts.