How to enable two-factor authentication (2FA)

Two-factor authentication (also called 2FA) adds a second layer of protection to your Nowistay account. Once it is on, signing in from a new device requires both your password and a 6-digit code sent to your email address. Even if someone gets hold of your password, they cannot access your account, your properties or your guests' details without that code.

What is two-factor authentication?

With two-factor authentication enabled, your password alone is no longer enough to sign in. After you enter your email and password, Nowistay emails you a one-time 6-digit verification code. You type the code on the sign-in screen, and only then is access granted. The code changes every time and expires after 10 minutes, so it cannot be reused.

The feature is optional, free, and available on every Nowistay account.

How to enable two-factor authentication

1. Sign in to your Nowistay dashboard at app.nowistay.com.
2. In the left menu, under My Account, click Security.
3. On the Two-factor authentication card, click Enable.
4. Click Send code. A 6-digit verification code is sent to the email address you use to sign in.
5. Open the email from Nowistay (the code is right in the subject line), enter it in the Verification code field, then click Confirm.

The card now shows the Enabled badge. This confirmation step also makes sure you really have access to your mailbox, so you can never lock yourself out by mistake.

[Screenshot needed: Security page with the Two-factor authentication card and the Enable button]

What changes when you sign in

1. Enter your email and password as usual.
2. A Verify it's you screen appears, and a fresh 6-digit code is sent to your email.
3. Type the code and click Verify. You land on your dashboard as usual.

[Screenshot needed: the Verify it's you screen with the 6-digit code field and the remember-device checkbox]

A few useful details:

• Each code is valid for 10 minutes and works only once.
• Didn't get it? Click Resend code (available about a minute after the previous send). Only the most recent code works.
• After 5 incorrect codes, the attempt is cancelled for safety. Simply start again from the sign-in page.

Skip the code on the devices you use every day

On the verification screen, tick Don't ask again on this device for 30 days before clicking Verify. Nowistay then remembers the browser you are using: for the next 30 days, you sign in there with just your password. Any new device or browser still asks for a code, which is exactly the point: only you can approve it.

Turning two-factor authentication off (or off and back on) clears all remembered devices, so each one is asked for a code again at its next sign-in.

How to disable two-factor authentication

1. Go to My Account, then Security.
2. On the Two-factor authentication card, click Disable.
3. Enter your current password and confirm.

Your account is then protected by your password only. You can re-enable the feature at any time, the same way you first activated it.

Good to know

• The code email comes from Nowistay. The 6-digit code appears in the subject line, so you can read it from your inbox notification without even opening the email. If you don't see it, check your spam folder.
• Use the right inbox. The code is always sent to the email address you use to sign in to Nowistay.
• It protects every role. Hosts, property managers and team accounts can all enable it from the same Security page.
• Lost access to your email? Reset your password first from the sign-in page, then write to hello@nowistay.com if you are still stuck.