When you create an ArcHost account, you can choose to sign up with an email address or with Google or Facebook single sign-on (SSO).
When you create an ArcHost account using your email and password, we protect it with device verification by default. This only applies to email and password sign-ins without 2FA and does not apply to Facebook or Google SSO.
Each time you sign in from a new location using a new device or a different web browser, we email an authorization code to the email address you use to sign in or send an SMS to the phone number you provided.
This process means that a bad actor would need to have compromised your device or email account as well as your ArcHost account to log in. This increases the difficulty for would-be attackers and provides you with a notification if someone is trying to access your account.
To further protect your account, set up two-factor authentication.
