Update 2025-10-30-email-2FA.mdx

Author: jhutchings1

src/content/changelog/fundamentals/2025-10-30-email-2FA.mdx

@@ -6,7 +6,7 @@ date: 2025-10-30
 
 Two-factor authentication (2FA) is one of the best ways to protect your account from the risk of account takeover. Cloudflare has offered phishing resistant 2FA options including hardware based keys (eg Yubikey) and app based TOTP (time-based one-time password) options which use apps like Google or Microsoft's Authenticator app. Unfortunately, while these solutions are very secure, they can be lost if you misplace the hardware based key, or lose the phone which includes that app. The result is that users sometimes get locked out of their accounts and need to contact support. 
 
-Today, we are announcing the addition of email as a 2FA factor for all Cloudflare accounts. Email 2FA is in wide use across the industry as a least common denominator for 2FA because it is low friction, loss resistant, and still improves security over username/password login only. We also know that most commercial email providers already require 2FA, so your email address is usually well protected already. Cloudflare will now prompt you during the login flow to enable email 2FA to better protect your account, and avoid getting locked out in the future. 
+Today, we are announcing the addition of email as a 2FA factor for all Cloudflare accounts. Email 2FA is in wide use across the industry as a least common denominator for 2FA because it is low friction, loss resistant, and still improves security over username/password login only. We also know that most commercial email providers already require 2FA, so your email address is usually well protected already. You can now enable email 2FA by going to your user profile (the person icon in the top corner of the Dashboard), then **Authentication**, and then under Two-Factor Authentication click **Set up**.  
 
 ## Sign-in security best practices