At Rebel, your account security is our top priority. That’s why we require Two-Factor Authentication (2FA) and offer three different methods for receiving your login codes. Each method provides protection, but some are safer than others:

1. Authenticator App (safest method)
Using an authenticator app, like Google Authenticator or Duo Mobile, is the most secure option. These apps generate time-sensitive codes directly on your phone that cannot be intercepted over the internet or reused. Because the codes never travel by email or SMS, this method offers the highest level of protection against hackers. We recommend customers set-up an authenticator app for the best security.

2. Phone Number (second safest)
If you don’t want to use an authenticator app, Rebel's default 2FA method is set up to receive the code by text message, using the phone number on file. We prioritize texting you first because it’s harder and much less common for bad actors to gain access to your cellular text messages compared to your email. A text is delivered directly to your device—not sent through the internet like email—making it a strong and reliable second option.

3. Email (safest fallback)
If your phone can’t receive texts, you can have your code sent to the primary or backup email on file. While email is the most convenient, it is also the least secure (of the 2FA methods). Email accounts can be more vulnerable—especially if you’ve reused passwords, had accounts tied to old or expired domains, or left an email inactive long enough to be deleted and re-registered by someone else.

Why we use 2FA:

Hackers often try to exploit compromised emails or old passwords leaked from other sites. If they succeed, they may attempt to reset your password through your email. By requiring 2FA, we prevent this single point of failure: instead of relying solely on email, a code is also sent through a safer method like text or an authentication app.

If it’s truly you logging in, you’ll simply enter the code and move forward. If it’s a bad actor, you’ll see the suspicious text or app notification before they can access your email fallback. In that case, you can immediately contact our Customer Support team so we can secure your account.

We understand this added step might feel inconvenient, but 2FA is becoming the industry standard for a reason. As a provider of essential services like your domain name, email, and website, we’re committed to keeping your account as secure as possible.