Two-Factor Authentication (2FA)

How we keep your account secure, and how to choose the right method

By Stacked

Updated Apr 6, 2026

Two-Factor Authentication (2FA) adds an extra layer of security to your account.

At Stacked, this means confirming your login with something you have access to, such as your email, and something you control, such as your device or an authenticator app.

2FA is strongly recommended for all accounts. In some cases, such as when connecting a bank account via Akahu, it may also be required.

How login works

When you log in to Stacked, you first confirm your email with a login code. Depending on your setup, you may then be asked to complete a second verification step.

You can set up 2FA to improve the security of your account, even where it is not required.

Your 2FA options

Passkeys

Passkeys use your device to confirm it is really you. This usually happens with Face ID, fingerprint, or your device PIN.

Passkeys are the preferred option in the Stacked Wallet. They fit naturally into the mobile app experience and can also help secure actions such as payments.

They are convenient, fast, and secure, especially when you mainly use one device.

Passkeys may also sync across devices depending on your Apple, Google, or password manager setup. Even so, they are sometimes less convenient in web-based flows where you move between devices regularly.

Authenticator apps (TOTP)

Authenticator apps generate a 6-digit code that changes every 30 seconds. Common options include Google Authenticator and 2FAS.

TOTP can be a good choice if you regularly log in on the web, especially across different devices or browsers. It is also a useful backup if you want a second method available on your account.

If you lose access to your authenticator app, we may need to re-verify your identity before restoring access.

Which option should I use?

For the Stacked Wallet, passkeys are generally the better option. They are built into the app experience and are the most seamless way to secure access.

For the web, either passkeys or TOTP can work well. TOTP is often preferred where you log in across multiple devices, while passkeys can be more convenient if your devices are already set up to sync them properly.

Many customers choose to enable both, using passkeys for convenience and TOTP as a backup.

Managing your security settings

You can manage your 2FA settings in your account under My Account and then Security.

Once 2FA is set up, changes to your security methods must be made from the web while logged in to your account.

Need help?

If you are locked out of your account or unsure which method is right for you, please contact support and we will help you through the next step.

Was this article helpful?

Still need help?

Can't find what you're looking for? Our support team is here to help you get the most out of Stacked.

Email Support

Get detailed help from our team

Live Chat

Chat with us in real-time