Enabling two factor authentication is a great way to protect yourself from phishing attacks and helps keep your Arch information secure and ultimately your assets protected.
Security update: Starting January 31, 2026, two factor authentication will be mandatory for all borrowers with an active loan.
New users are subject to this rule immediately.
Existing users have until the January 31st to enroll.
How does it work?
Two factor authentication works to secure your account by requiring an additional factor of information at sign in time. That is, it is not enough to have your email and password to get access to your account. If someone gets access to your email and password they still won't be able to get access to your Arch account.
Currently, Arch supports Time-based One-Time passwords. These are constantly changing passwords that a user generates for each login and that the login server (Arch) can verify.
These one time passwords are managed using an external application such as Google Authenticator or Twilio's Authy. If you're already using a password manager such as 1Password, it can handle this in addition to keeping the password itself secure.
Getting started
Go to your Security under Account and find the section labeled Two factor authentication.
How to set it up
Setting it up shouldn't take more than two minutes:
Choose 'Enroll' for "Time-based One-Time Password".
Make sure you have an authenticator app like Google Authenticator, Authy or 1Password.
You'll be asked to scan a QR code on the screen. Use your application here and then enter the one time password provided from it.
When you log in the next time, you'll need to add your password and then a code generated from your authenticator app.
Important: When you set up 2FA you'll be provided a recovery code. Save this code to avoid potentially being locked out of your account if you loose access to the authenticator app.
Using it
After enabling 2FA, you'll log in just like you're used to, and after providing your email and password, you'll be asked to provide the one time password.
Lost your 2FA device?
If you happen to lose your 2FA device, you can use the recovery code provided during sign up to login. After using the recovery code you'll be asked to save a new recovery code as they can only be used once. To use your recovery code, hit "Try another method" on your 2FA screen of the login flow.
Once you've successfully logged in with the recovery code, head over the the Security section under your account and reset your two factor authentication by disabling it and enrolling again.
If you happen to have an active loan with Arch, you'll have to contact the team to disable the existing Time-based One-Time Password before you can enroll for a new one. The Arch may require you to provide additional identifying information during this process.