New: MyHeritage Adds Two-Factor Authentication (2FA) to Secure Your Account

The surge in global cyber threats highlights the need for increasing the security of user accounts on MyHeritage, to protect them from unauthorized access and safeguard their sensitive data.

One of the best practices for securing accounts is Two-Factor Authentication (2FA).
2FA is an extra layer of security for your account, designed to ensure that you’re the only person who can access your account, even if someone knows your password.

We originally planned to add 2FA for MyHeritage accounts in the July-August 2018 timeframe. But following the recent breach, we promised on June 4, 2018, that we will expedite the development of this feature. We’re glad to announce today, June 6, 2018, that we have completed the development of 2FA for MyHeritage in record time and have released its initial implementation to all users of MyHeritage.

Applying 2FA to your MyHeritage account is optional, and strongly recommended. Please spend a few moments now to change your password on MyHeritage (see how) and then follow the instructions below to add 2FA to your account.

How it works

In MyHeritage’s first release of 2FA, you designate a mobile phone and link it to your account by providing MyHeritage with its number. Then, any time you will log in to MyHeritage from a new computer, tablet or phone, and periodically once a month, MyHeritage will send a six-digit verification code as a text (SMS) message to your mobile phone and you will need to enter it on MyHeritage to complete the login successfully. This simple mechanism adds a strong layer of security to your account because even if a hacker has stolen your password, for as long as they don’t have your mobile phone, they won’t be able to log in to your MyHeritage account. Let’s imagine a worst-case scenario in which a hacker knows both your email address and password and tries to log on to your MyHeritage account from a computer in a foreign country that you’ve never used to access MyHeritage. Their attempt to log in as you will fail because a verification code will be sent to YOUR mobile phone and the hacker won’t be able to receive and enter it; and the suspicious activity of receiving the code on your mobile phone not prompted by you, will alert you to the fact that your password has been compromised.

Setting up 2FA for your MyHeritage account

Log into your MyHeritage account and click on your name at the top right corner of the screen. A drop-down menu will open. Click “Account settings”

Click “Enable Two-Factor Authentication”:

Enter your current password and click Continue:

This extra step is necessary for us to ensure that it’s really you.
If you don’t remember your password, click “Forgot password?” and follow the procedure to reset your password, and then return here and resume the setup.

Enter your mobile phone number:

First, pick your country from the list, and then enter your phone number along with any prefix, but without any leading zeroes. This step is necessary for us to test the loop of sending a code to your mobile phone and ensuring that it’s really yours and you have access to it. When you click “Send code”, we will send a 6-digit numeric code to the phone number you specified.

Enter the verification code you received to your phone and click “Done”:

That’s it, you’re now secured with Two-Factor Authentication and good to go! Your MyHeritage account is now connected to this phone number and it will be used in subsequent logins.

Logging into your MyHeritage account after setting up Two-Factor Authentication:

Go to www.myheritage.com and log in:

If this is the first time you are logging in from this computer, tablet or mobile phone, or once a month, a verification code will be sent via text message to the mobile phone number that you registered. Enter the 6-digit verification code you received on your mobile phone:

The code will be good for 10 minutes. If you didn’t enter it on time, go back and log in again, and a new code will be sent to your mobile phone.

You will now be logged in!

Frequently Asked Questions

Q. I don’t have a mobile phone. Can I add 2FA to my account?
A. Currently, no.

Q. I enabled 2FA, but now I want to disable it. How can I do that?
A. Initially, this can be done only by contacting MyHeritage customer support. Later we will provide a procedure for doing this yourself.

Q. I added 2FA to my account, but forgot my mobile phone today and don’t have it with me. Can I log in?
A. You won’t need to enter a verification code every time; but only when you log in to MyHeritage from a new computer; or if a month has elapsed from the last time you logged in on the same computer. If you need to undergo verification but don’t have the phone, you won’t be able to log in. If this is urgent for you, or it’s a permanent issue (e.g. your phone was lost or stolen), contact MyHeritage support. Our friendly staff will be able to assist you and after they take the steps to confirm your identity (which may require you to send them your photo ID), they will be able to temporarily disable 2FA on your account to allow you to log in, and you can then set it up again later with a new mobile phone.

Q. My phone was stolen. What should I do?
A. Disable 2FA so that the thief won’t be able to log in as you, and then enable it with a new mobile phone that you own.

Q. I bought a new phone with a new number. Can I change my 2FA to switch from the old phone to the new one?
A. Yes. Disable 2FA and then enable it again and set it up with the new phone.

Summary

We’re happy to be among the first in the genealogy and DNA industry to provide our users with the added layer of security offered by Two-Factor Authentication (2FA). This helps secure your account and your personal data on MyHeritage.

New versions of our mobile app and Family Tree Builder software that support 2FA are in the works and will be released shortly.

The MyHeritage HQ office today at 4am, swarming with engineers and management, pulling all-nighters and working around the clock to complete this important security enhancement for you. Standing on the right is VP R&D, Ran Levy. MyHeritage’s CEO also remained with the employees to manage the operation personally.

This effort is a testament to our commitment to the privacy of our users and the security of the data they share on MyHeritage.