Tighten up your account security by enabling 2 Factor Authentication (email).
There are three options:
- Always
- When signing in with an unknown browser combined with your current IP address
- When signing in with an unknown browser only
Selecting "Always" (the default) is the most secure choice, but it can sometimes feel like too much. That is why the other options are available, for convenience.
Option two protects your account from users outside your network, but not from users inside it: their IP address will be the same as yours, and the browser ID can be stolen. The third option is the least secure, because a stolen browser ID can also be used on another network. The server will then accept the login without 2FA, since the browser ID is recognized and trusted.
You have one try to sign in with the 2FA code. After that the code is useless and a new sign-in process is required. This is to prevent hackers from "cracking" the one-time code (a 6-digit code is not hard to crack), even though there are other parameters in place to prevent this.
You can find the 2 Factor Authentication option in the profile view, under "Account".
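
The three options and the one-try rule described above, modelled as an added example (not this service's own code). All names and sample values are hypothetical, and option two is assumed to skip 2FA only when both the browser ID and the IP address are recognized.

```python
import hmac
import secrets
from enum import Enum

class Mode(Enum):
    ALWAYS = 1              # option one (default)
    UNKNOWN_BROWSER_IP = 2  # option two
    UNKNOWN_BROWSER = 3     # option three

def needs_2fa(mode, browser_id, ip, trusted_browsers, trusted_ips):
    """Return True when the sign-in must be confirmed with an emailed code."""
    known_browser = browser_id in trusted_browsers
    if mode is Mode.ALWAYS:
        return True
    if mode is Mode.UNKNOWN_BROWSER_IP:
        # Assumed reading: skip 2FA only if browser AND IP are both recognized.
        return not (known_browser and ip in trusted_ips)
    return not known_browser

class EmailCode:
    """Six-digit code that is consumed by the first attempt, right or wrong."""
    def __init__(self):
        self._code = f"{secrets.randbelow(10**6):06d}"
        self._used = False

    def peek(self):
        # Stand-in for delivering the code by email.
        return self._code

    def verify(self, attempt):
        if self._used:
            return False
        self._used = True  # burn the code before comparing
        return hmac.compare_digest(self._code.encode(), attempt.encode())

def bypass_matrix(stolen_id="b-123", home_ip="198.51.100.7", other_ip="203.0.113.9"):
    """Per mode: does a stolen browser ID skip 2FA inside / outside the network?"""
    # Constructed sample values: the stolen ID and home IP are the trusted ones.
    browsers, ips = {stolen_id}, {home_ip}
    return {m.name: {"inside": not needs_2fa(m, stolen_id, home_ip, browsers, ips),
                     "outside": not needs_2fa(m, stolen_id, other_ip, browsers, ips)}
            for m in Mode}

if __name__ == "__main__":
    for mode, result in bypass_matrix().items():
        print(mode, result)
```

Only "Always" still asks for a code in both cases, and a wrong guess invalidates the code so a fresh sign-in is needed.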