Bluesky now supports two-factor authentication to protect your account from unauthorized access. Without 2FA, your account relies only on a password, which can be stolen in data breaches or phishing attacks. This guide explains how to enable two-factor authentication on Bluesky using an authenticator app. You will learn the exact steps to set up 2FA and how to use backup codes if you lose access to your device.
Key Takeaways: Bluesky Two-Factor Authentication Setup
- Settings > Account > Two-Factor Authentication: Enable 2FA and scan the QR code with an authenticator app like Google Authenticator or Authy.
- Backup codes: Save the 16-digit backup codes in a secure place. Each code can be used once if you lose your phone.
- App passwords: Use app passwords for third-party clients that do not support the 2FA login flow.
What Two-Factor Authentication Does on Bluesky
Two-factor authentication adds a second verification step when you log in. After entering your password, you must provide a six-digit code generated by an authenticator app on your phone. This prevents attackers from accessing your account even if they know your password. The feature uses time-based one-time passwords following the TOTP standard.
Before you begin, install an authenticator app on your mobile device. Google Authenticator, Microsoft Authenticator, Authy, and 1Password all support TOTP codes. You also need access to the email address associated with your Bluesky account to receive verification emails during setup. The entire process takes about five minutes.
Steps to Enable Two-Factor Authentication on Bluesky
Follow these steps to turn on 2FA for your Bluesky account. You must complete the setup on the Bluesky website in a desktop browser. The mobile app does not currently support the 2FA configuration page.
- Log in to the Bluesky website
  Open a desktop browser and go to bsky.app. Sign in with your handle and password.
- Open Settings
  Click your profile picture in the top-right corner. Select Settings from the dropdown menu.
- Go to Account settings
  In the left sidebar, click Account. Scroll down to the Security section.
- Click Enable Two-Factor Authentication
  Under Two-Factor Authentication, click the Enable button. A modal window appears with a QR code.
- Scan the QR code with your authenticator app
  Open your authenticator app on your phone. Tap Add Account or the plus icon. Scan the QR code displayed on the Bluesky screen. The app adds Bluesky and starts generating six-digit codes.
- Enter a verification code
  Type the six-digit code shown in your authenticator app into the text field on Bluesky. Click Verify.
- Save your backup codes
  After verification, Bluesky displays a list of 16 backup codes. Each code is 16 characters long. Click Download to save the codes as a text file. Store this file in a password manager or a secure offline location. You can also print the page and keep it in a safe place.
- Confirm the setup
  Click Done to close the modal. The Two-Factor Authentication section now shows Enabled. A green checkmark appears next to the setting.
How to Log In with Two-Factor Authentication
After enabling 2FA, the login process changes. Enter your handle and password as usual. On the next screen, you are prompted for a verification code. Open your authenticator app and type the current six-digit code. Click Submit. If you use the Bluesky mobile app, the same code prompt appears after you enter your password.
Common Issues and Things to Avoid
Authenticator app shows the wrong code
If the code you enter is rejected, check that your phone clock is synchronized. TOTP codes depend on accurate time. Go to your phone settings and enable automatic date and time. Wait one minute for the code to refresh, then try again.
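Why a wrong phone clock leads to a rejected code, as an added example that is not part of the original guide and is not Bluesky's code: a standard RFC 6238 TOTP generator and a server-side verifier. The HMAC-SHA1 algorithm, the tolerance of one 30-second step either side, and the secret (the RFC's published test key) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per code, matching the 30-second refresh described on this page
DIGITS = 6     # six-digit codes

def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 (the RFC's default algorithm)."""
    counter = unix_time // step                  # number of whole steps since the epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept the code for the current step and `window` steps either side.
    The +/-1 step tolerance is an assumption, not a documented Bluesky setting."""
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):  # constant-time comparison
            return True
    return False

# Constructed sample input: the RFC 6238 test secret, not a real account secret.
SECRET = b"12345678901234567890"
SERVER_TIME = 1111111109                         # a timestamp from the RFC test vectors

def demo() -> dict:
    """Map phone clock error (seconds) to whether the server accepts the code."""
    results = {}
    for skew in (0, 25, -40, 120):
        phone_code = totp(SECRET, SERVER_TIME + skew)   # code computed on the phone
        results[skew] = verify(SECRET, phone_code, SERVER_TIME)
    return results

if __name__ == "__main__":
    for skew, ok in demo().items():
        print(f"phone clock off by {skew:+4d}s -> {'accepted' if ok else 'rejected'}")
```

A phone that is 25 or 40 seconds off still lands within one step of the server and is accepted; at two minutes off, the code belongs to a step the verifier never checks, which is why enabling automatic date and time fixes the rejection.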
Lost access to your authenticator app
Use one of the backup codes you saved during setup. Each backup code can be used only once. After you log in, go to Settings > Account > Two-Factor Authentication and disable 2FA. Then re-enable it with a new authenticator app.
Third-party apps and app passwords
Some Bluesky third-party clients do not support the 2FA login flow. For those apps, you must create an app password. Go to Settings > Account > App Passwords. Click Add App Password, give it a name, and copy the generated password. Use this app password in the third-party client instead of your real password.
Backup codes are lost
If you lose both your phone and your backup codes, you cannot log in. Bluesky support may require you to verify your email address and identity to reset 2FA. This process can take several days. Always store backup codes in at least two locations.
Two-Factor Authentication Methods Comparison
| Item | Authenticator App (TOTP) | Backup Codes | App Passwords |
|---|---|---|---|
| When to use | Every login after password entry | When authenticator app is unavailable | Third-party clients that lack 2FA support |
| Code format | Six digits, changes every 30 seconds | 16-character alphanumeric code | Random string generated by Bluesky |
| Reusable | Yes, codes refresh automatically | No, each code can be used once | Yes, until you revoke the app password |
| Storage recommendation | On your phone, with cloud backup if available | Password manager or printed paper | In the app that uses it |
Two-factor authentication is now active on your Bluesky account. Test the login process once to confirm everything works. For maximum security, also enable email notifications for new logins in Settings > Account > Security. If you ever switch phones, remember to move your authenticator app or generate new backup codes before disabling the old device.