Query
Can Multi-Factor Authentication (MFA) be set up using an email address to receive authentication codes?
Solution
No, due to security reasons. If someone can gain access to your email account, they would then be able to reset your password and get your MFA codes directly.
Alternatively, if you cannot or do not want to use a mobile phone, a few other authentication options that can be used include:
- USB tokens. An example is YubiKey. Plug in the YubiKey to a USB port and press the button on it
- Desktop App. If you prefer to keep your MFA verification code generation separate from your browser, you can install a standalone desktop app such as winauth
- Chrome Browser extensions. Using a Chrome extension will work on any device that runs the desktop version of the browser. Authenticator for Chrome, for example, works in Linux, on Google's Chromebook laptops, as well as on Mac and Windows PCs.
To set these up follow the instructions to setup MFA using an Authentication App. The end of the process will ask you to enter your mobile phone number for recovery purposes to identify yourself. We do not send Text Messages to your phone for this purpose.
Note with Multi-factor authentication (MFA), one factor is the device you want to log in with, and another factor is the device you use to generate codes. If you're generating codes on the same device you're logging in on (Desktop App or Chrome Extension), your account will not be as secure as one which uses a separate device.
See also:
How to set up MFA with Authentication App