By: Katy Rowe-Schurwanz

Protect your DNA results with two-factor authentication (2FA), a new layer of account security from FamilyTreeDNA

Account security is a top priority at FamilyTreeDNA, which is why rolling out 2FA just made sense. Two-factor authentication is designed to help protect DNA results for every customer. Whether you’re signing in with your individual FamilyTreeDNA kit number or managing GAP accounts as a Group Project Administrator, enabling two-factor authentication adds an essential safeguard.

In this guide, we’ll define what 2FA is, explain why it matters for account security, and show you how to set it up step by step. We’ll also answer common FAQs to ensure your DNA results and personal information remain secure.

What is Two-Factor Authentication?

Two-factor authentication adds an additional layer of security to your account by requiring you to confirm a code sent to your email address along with your kit number or GAP Username and password before you can access your account.

Why is Two-Factor Authentication Essential for Your Account?

Individual DNA kit accounts and Group Project Administrator GAP accounts contain not just your genetic information but also genetic information about your DNA matches and/or Group Project members.

One standard method used for cyberattacks is called “credential stuffing.” Credential stuffing is an automated cyberattack that capitalizes on a common user behavior: reusing the same username and password across multiple online services.

In this method, attackers obtain sign-in credentials that were stolen in a data breach. They then use that same username/email and password combination on other (typically unaffiliated) sites in an attempt to gain access to additional sensitive information.

These types of attacks are why it is important that you do not reuse the same passwords across multiple sites or accounts.

Two-factor authentication enhances your account security. When 2FA is enabled, even if an attacker has obtained your password, they cannot access your account without the verification code sent to your email address, thereby protecting DNA results for you, your matches, and your Project Members.

Is Two-Factor Authentication Mandatory to Set Up?

For Group Project Administrators using GAP username accounts, two-factor authentication will be required. You can skip setup three times before you must enable 2FA to continue to your GAP account.

For individual kit accounts, while we strongly encourage you to enable 2FA to increase your account security and enhance your DNA security, enabling two-factor authentication is optional.

How to Enable Two-Factor Authentication on Your Account

There are two ways you can enable 2FA on your account. You can either set it up when you first sign in to your account, or later within your account settings.

Setting Up Two-Factor Authentication When You First Sign In

Launch two-factor authentication setup to strengthen account security before selecting your email and recovery options.

The first time you sign in, you will be directed to complete the 2FA setup.

The setup process is three easy steps:

  1. Select your two-factor authentication email
  2. Select your recovery email
  3. Confirm setup

Note: In April 2025, we implemented a mandatory password reset. If you have not reset your password, you will first be asked to reset your password before proceeding to the 2FA setup.

Step One: Select Your Two-Factor Authentication Email

The first step is to select the email address where you want your verification codes to be sent. You may choose from the email addresses you have in your account settings, or you may enter a new email address.

Once you have selected the email address, click “Send code” to the right of the email field. A verification code will be sent to the email address you selected.

Select your email and send a code to begin 2FA setup, protecting your FamilyTreeDNA account and DNA results.

The third step is to confirm that verification code. Enter the code you received from us in the bottom field and click “Verify.”

Note: You don’t want to exit the two-factor authentication setup, so open your email in another tab or window, or on another device.

Step Two: Add a Recovery Email

Add a recovery email during 2FA setup to regain access if you lose your main account email.

After confirming the code, you will be prompted to set up a recovery email. The recovery email is where we can send a verification code instead, if you no longer have access to the email you selected for the 2FA code. Adding a recovery email is optional, but strongly encouraged.

Note: Your selected recovery email address must be different from the email address you selected for your two-factor authentication code in the previous steps.

The process for setting up a recovery email address is the same as the default two-factor authentication email address. Once you have selected the email address for your recovery email, click “send code.” Enter the code you received in the field and click “Verify.”

Note: Remember to open that email in another tab or window, or on another device.

Step Three: Complete Setup

Finish 2FA setup and secure your FamilyTreeDNA account by completing the final step to protect DNA results.

You’ve completed setting up two-factor authentication! Click “Complete setup” and you’ll be taken to your dashboard.

Note: If you have not accepted the new Terms of Service, or if you have not completed New Customer Onboarding, you will be taken to that prior to your dashboard.

Setting Up Two-Factor Authentication in Account Settings

Enable 2FA from your Account Settings to add extra security if you skipped setup during your first FamilyTreeDNA login.

If you skipped setting up two-factor authentication at sign in, you can enable it from your Account Settings.

  1. Select Account Settings from the menu under your name and kit number in the top right.
  2. Under the Account Information settings, select Security Settings.
  3. From the Two-factor authentication section, click “Set up” and follow the instructions.

Adding a Recovery Email for Two-Factor Authentication in Account Settings

Add a recovery email in Account Settings to regain access to your FamilyTreeDNA account if your main email is unavailable.

If you already enabled 2FA, but did not set up a recovery email, you can add one in the Account Settings as well.

  1. Click “Set up” under the Two-factor authentication section.
  2. Under the Recovery email section of your 2FA settings, follow the instructions.

How to Sign In After You’ve Enabled Two-Factor Authentication

After you’ve enabled 2FA, there will be two steps to the sign-in process.

  1. Step One: Sign in as you normally would with your kit number or GAP username and then your password
  2. Step Two: Enter the verification code we sent to your selected email address

If you don’t receive the code, you can request a new one after 30 seconds.

If you don’t have access to your two-factor authentication email, you can select to have the code sent to your recovery email instead, if you have set one up.

Enter the code you received on this page and click “Confirm.” You’ll be taken to your dashboard.

How Long Before the 2FA Code Expires?

Verification codes expire after 10 minutes, so if you enter your code after it expires, you will need to request a new one.

If you enter an expired code or an incorrect code three times in the same sign-in attempt, your account will be locked for 30 minutes. This means we won’t allow you to sign in for the next 30 minutes. Once those 30 minutes are up, you can enter your kit number or GAP username and password again and request a new verification code.
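The expiry, resend and lockout rules described above, modelled as a small server-side state machine. This is an added example, not FamilyTreeDNA's code; the class name, the 6-digit code length, storing only a hash of the code, and the return values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 10 * 60     # codes expire after 10 minutes
RESEND_WAIT = 30       # a new code may be requested after 30 seconds
MAX_FAILURES = 3       # expired or incorrect entries per sign-in attempt
LOCKOUT = 30 * 60      # lock lasts 30 minutes


class EmailCodeChallenge:
    """Verification state for one account's sign-in attempt (hypothetical model)."""

    def __init__(self):
        self.digest = None
        self.issued_at = None
        self.failures = 0
        self.locked_until = 0.0

    def issue(self, now):
        """Return a fresh code to email, or None if locked or asked too soon."""
        if now < self.locked_until:
            return None
        if self.issued_at is not None and now - self.issued_at < RESEND_WAIT:
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # length is an assumption
        self.digest = hashlib.sha256(code.encode()).digest()  # keep hash only
        self.issued_at = now  # failures are NOT reset: they count per attempt
        return code

    def verify(self, submitted, now):
        """Return 'ok', 'expired', 'incorrect', 'locked' or 'no_code'."""
        if now < self.locked_until:
            return "locked"
        if self.digest is None:
            return "no_code"
        expired = now - self.issued_at > CODE_TTL
        candidate = hashlib.sha256(submitted.encode()).digest()
        match = hmac.compare_digest(candidate, self.digest)  # constant time
        if match and not expired:
            self.digest = None  # a code is single use
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT
            self.digest, self.failures = None, 0
            return "locked"
        return "expired" if expired else "incorrect"
```

Because the failure counter survives a resend, requesting a new code does not grant extra guesses within the same sign-in attempt.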

Is 2FA Required For Every Sign In?

If you prefer, you may skip the two-factor authentication step for 30 days at a time.

To pause 2FA for 30 days:

  • Enter your two-factor authentication code but do not click confirm
  • Check the box beneath the code field that says, “Remember this device for 30 days”
  • Click “Confirm”

This is unique to the specific browser and device you’re using, as well as the specific account. If you clear your cache and cookies, switch browsers, switch devices, or sign in to a different kit or GAP username, you will be asked to confirm a verification code even if it’s within that 30-day timeframe.

More Improvements Next Year

We are aiming to add some new improvements to your account sign-in in 2026.

  • New Account Structure: Instead of signing in with your kit number and password, you will create a new account with your email address and sign in with your email and password.
  • Multi-kit Management: You will have the ability to register your DNA kit and the DNA kits of anyone you manage under your new account, and access results for all your testers under one account.
  • Results Sharing: We’ll also add the ability for you to share your results with another user and allow them to view or manage your results.
  • Mandatory Two-Factor Authentication: When you create your new account, you will be required to set up two-factor authentication. It will no longer be optional for any FamilyTreeDNA user.

We know many of you are eager to hear more about these improvements to our sign-in experience, specifically their release date. As we get closer to implementation, we will release information to help you prepare for the transition. We’ll continue sharing updates here on the blog as new features roll out.

About the Author

Katy Rowe-Schurwanz

Product Manager at FamilyTreeDNA

Katy Rowe-Schurwanz has always been interested in genealogy, inspired by her maternal grandparents, who told her stories about their family and family history when she was little. After studying anthropology and history in college, she joined FamilyTreeDNA in 2015 and became the Trainer for Customer Support. Katy created and improved training processes and was fundamental in the creation of the Big Y Specialist team. In September 2021, she became Product Manager and has focused closely on improving FamilyTreeDNA’s genetic genealogy products.