To help protect your Mercury account, we require two-factor authentication (2FA). Depending on your setup, this could mean entering a code from an authenticator app or logging in directly with a passkey or security key. This article explains the available login methods and how 2FA keeps your account secure.
Why Mercury requires two‑factor authentication
Requiring a second form of verification helps secure your account, even if your email or password are compromised. Depending on your setup, this second factor might be:
- A time-based code from an authenticator app
- A security key you physically tap or insert
- A passkey stored on your device (used with Face ID, Touch ID, or your device password)
Authentication methods at Mercury
You can choose from multiple secure login methods:
Passkey (recommended)
A passwordless login option that uses credentials tied to your device. With passkeys, you can authenticate using Face ID, Touch ID, or your device password.
Unlike TOTP codes, passkeys can bypass both your password and 2FA code entirely, offering a faster and more seamless login experience.
Authenticator app (TOTP)
When logging in with a password, you’ll be asked to enter a 6-digit code from your authenticator app. This code refreshes every 30 seconds and adds an extra layer of security. Time-based one-time passwords (TOTP) codes are more secure than SMS-based codes, which are more susceptible to interception or spoofing.
You’ll be prompted to enter a code when:
- Logging in after a period of inactivity
- Signing in from a new device or browser
Supported authenticator apps include:
- Mercury mobile app (recommended for a seamless experience)
- Google Authenticator
- 1Password
- LastPass
Security key
A physical device (like a YubiKey) you tap or insert to verify your identity. Once added to your account, it can serve as your primary method of authentication, often skipping the need for a code entirely.
Setting up 2FA
To connect an authenticator app, security key, or passkey to your account, follow the steps in our setting up 2FA guide.