TL;DR: I’m the founder of ShrtFly. Two-Factor Authentication (2FA) on ShrtFly protects your earnings the way it actually matters — by gating payout requests, not just logins. Even if someone steals your password, they cannot move money out of your account without the six-digit code from your phone. Setup takes about three minutes: install Google Authenticator or Microsoft Authenticator, scan our QR code in Settings, save the backup codes somewhere safe, verify with the first six-digit OTP. Full step-by-step below with screenshots.
I built ShrtFly in 2017. One of the few things in our product I genuinely insist every active publisher turn on is Two-Factor Authentication on payouts. Most platforms treat 2FA as a login-only setting; we wired ours into the withdrawal flow specifically, because that’s where the actual money moves. A stolen password is annoying. A drained balance is unrecoverable. 2FA closes that gap.
This guide walks through enabling 2FA on your ShrtFly account in 2026 — the apps that work, the scan-and-verify steps, the backup-code rule that saves you from a lost phone, and what happens at the payout request after 2FA is on.
What 2FA Actually Does on ShrtFly
Two-Factor Authentication forces anyone trying to perform a sensitive action on your account to prove their identity in two separate ways:
- Something you know — your password
- Something you have — your phone, running an authenticator app that generates a fresh six-digit code every 30 seconds
On ShrtFly specifically, 2FA is wired into the payout request flow. That means even if someone obtains your password through a breach on another site (password reuse is the most common compromise vector), they cannot trigger a withdrawal from your dashboard without also having the live code from your phone. Your earnings stay protected.
Enabling 2FA also adds a security signal on your account that helps our finance team distinguish your legitimate payout requests from suspicious activity. Practically, this can mean faster processing on the first few payout requests after enabling.
Step 1: Install an Authenticator App on Your Phone
You need an authenticator app installed before you start the ShrtFly side. The two we recommend, both free and well-maintained:
- Google Authenticator — the simplest option, works offline, available on Android and iOS
- Microsoft Authenticator — supports cloud backup of your codes, which is useful if you upgrade your phone often
Both work fine. Authy and LastPass Authenticator also work if you already have them installed. Pick one and install it on the phone you carry day to day.
Step 2: Open the 2FA Section in Your ShrtFly Account
Log in at shrtfly.com/account/login. From your dashboard, navigate to Account Settings → Security. You’ll see a Two-Factor Authentication section showing your current status — initially this will say “2FA: Disabled”.
Click Get Started. The system will ask you to re-enter your account password as a safety check — this prevents anyone who briefly accesses your unlocked dashboard from enabling 2FA on a device they control. Enter your password and continue.
Step 3: Scan the QR Code With Your Authenticator App
After password confirmation, ShrtFly displays a QR code on screen along with a text-based backup key. Open your authenticator app, tap the “+” button to add a new account, and choose Scan a QR code. Point your phone camera at the QR code shown on the ShrtFly page.
The moment your app reads the QR code, it adds “ShrtFly” to its list of accounts and starts generating a fresh six-digit code every 30 seconds. That code is what you’ll enter to verify the setup in the next step.
Save the backup key. Below the QR code, ShrtFly shows a text string — copy it into your password manager, email it to yourself, or write it on paper and store it somewhere safe. This key is what you’ll use to restore 2FA access if you ever lose your phone (covered in the lost-phone section below). Do not skip this step.
Step 4: Verify the OTP and Activate 2FA
Look at your authenticator app. It’s now showing a fresh six-digit code under “ShrtFly”. Type that code into the verification field on the ShrtFly page and click Verify.
Two notes on the OTP:
- The code changes every 30 seconds. If your code is about to expire, wait for the next one rather than rushing — entering an expired code will fail verification and you’ll have to start over.
- The first verification will only succeed once. Once verified, the system marks 2FA as enabled and you’re done with setup.
Step 5: Test 2FA by Requesting a Payout
The fastest way to confirm 2FA is working is to start a payout request. Head to Withdrawals → Withdraw, fill in the payout details, and submit. Before the request goes to the finance team, ShrtFly now asks you for the current six-digit code from your authenticator app.
Enter the code. If it matches, the payout request goes through to finance. If it doesn’t, the request is blocked. The full payout flow is covered in our payout request guide — the 2FA prompt is the only change after enabling.
What Happens If You Lose Your Phone
This is the single most important reason to save the backup key from Step 3. There are three scenarios and three solutions:
- You upgraded to a new phone → install your authenticator app on the new phone, choose “Add account” → “Enter setup key manually”, paste the backup key you saved. Your ShrtFly entry restores instantly and you’re back in.
- You lost your phone but you have your backup key → same as above on any phone with an authenticator app installed.
- You lost your phone AND you don’t have the backup key → contact customer support. After identity verification, the team can disable 2FA on your account so you can log in, then you re-enable it with a fresh QR code and a new backup key (this time, save it).
The support-disable route exists as a safety net, but it takes 24-48 hours because of the identity-verification step. The backup key route takes 30 seconds. Save the backup key.
Other Account Security Habits Worth Adopting
2FA is the single biggest win, but it’s not the only thing that keeps your earnings safe. A few related habits I’d suggest:
- Use a unique password for ShrtFly. If you reuse a password across sites and any one of them is breached, your ShrtFly account is at risk. A password manager — Bitwarden, 1Password, or even Chrome’s built-in one — solves this with zero friction.
- If you ever forget the password, use the reset flow rather than guessing. The password reset guide walks through it. Repeatedly trying wrong passwords trips our security signals.
- Check your payout history monthly. The Withdrawals section shows every historical request. If you see one you don’t recognize, contact support immediately — and with 2FA on, you’ll almost certainly never see one you don’t recognize, because no one else can submit one without your phone.
- Don’t share your account. If you need a team member to manage links or check analytics, we’ll be adding sub-user roles in a future update — until then, account sharing is a security risk we can’t protect you from.
FAQ
Is 2FA mandatory on ShrtFly?
Currently it’s optional but strongly recommended. Every active publisher with a meaningful balance should enable it. The three-minute setup is worth it the moment it stops one stolen-password attempt — and at our publisher volume, those attempts happen regularly.
Will 2FA slow down my payouts?
No. Entering the six-digit code at payout request adds about five seconds to the flow. The processing time on our finance side is the same. If anything, having 2FA on can speed up the first few payouts after enabling, because it removes a security signal we’d otherwise need to verify manually.
Which authenticator app is best for ShrtFly 2FA?
Google Authenticator is the simplest. Microsoft Authenticator is better if you change phones often, because it supports cloud backup of your codes. Authy and LastPass Authenticator also work. All of them generate the same six-digit codes from the same QR code — you’re not locked in.
Can I have 2FA on multiple phones?
Yes — when you’re on the QR-code screen during setup, scan it with as many authenticator apps as you want. Any of them will generate valid codes. This is genuinely useful as a redundancy: scan with one phone, save the backup key separately, and you’re protected against both phone loss and key loss.
Does ShrtFly support SMS-based 2FA?
No, and we won’t. SMS-based 2FA is significantly weaker than authenticator-app 2FA because of SIM-swap attacks, and the major security community has been moving away from SMS for years. Authenticator apps are the modern standard, and that’s what we support.
If I lose my backup codes and my phone, am I locked out forever?
No. Customer support can disable 2FA after identity verification. The process takes 24-48 hours because we need to confirm you’re you — but the funds and account stay yours. Save the backup key anyway so you never need this route.
Summing Up!
2FA on ShrtFly is the single most effective protection you can add to your account in three minutes. It gates payout requests, not just logins — which is the security model that actually matters for an earnings platform. Install an authenticator app, scan the QR code, save the backup key, verify once, and you’re done. Every future payout asks for the current six-digit code, and your earnings are protected against any password compromise.
If you haven’t created your ShrtFly account yet, the getting-started guide walks through signup first. If you’re set up and ready to cash out, the payout request guide shows the full withdrawal flow (with 2FA’s role in it). Any questions about 2FA specifically, drop them in the comments and I’ll answer directly.
