Two-factor authentication

You can set up your Yandex ID so that you can only log in to it using one-time passwords. This mechanism is called two-factor authentication (2FA), and it provides your account with a higher level of security than a traditional password.

To effectively protect your account using a regular password, you have to make the password complicated, which may also make it hard to remember and keep secret. Even if you do everything right, a regular password is still vulnerable to things like viruses that record your keystrokes or copy your password to a clipboard.

One-time passwords simplify account protection: you only need to remember your PIN code and set up the Yandex.Key app for Android or iOS. The app constantly generates new one-time passwords. Each new password stops working right away if you don't use it and gets disabled after you log in to Yandex using it. Trying to steal this type of password is useless.

Detailed information on setting up one-time passwords can be found in Help:


One-time passwords can be enabled for a Yandex.Mail for domain account, but only if you're permitted to change the password for the corresponding domain. Furthermore, if the domain administrator resets your password, then one-time passwords will be disabled, and your app passwords will need to be generated again.