Secure by design

Email’s the skeleton key to your digital life, so HEY goes to great lengths to keep you protected. From strong password requirements, to mandatory Two-Factor Authentication (2FA) for all paying customers, to supporting hardware security keys and fingerprint readers, HEY’s got your back.

What’s two-factor authentication?

Two factor authentication combines something you know (your password) with something you have (your phone or a hardware security key). Even if someone has your password, they still can’t log in to your account because they don’t have access to the physical key in your possession.

Do you support 2FA via SMS?

No, SMS simply isn’t secure enough. HEY uses the industry standard TOTP protocol, which can be used by a slew of second-factor authentication apps. For people brand new to 2FA, we recommend the straightforward and simple Microsoft Authenticator, but you can use 1Password, LastPass, Authy, Google Authenticator, Duo, or any other key generator that supports TOTP.

What about hardware security keys?

Yup! We support WebAuthn (the newer U2F approach), which is the next level of security, after TOTP. This is the standard for hardware security keys, like Yubico Keys. That’s not required for HEY, but it’s a nice extra layer for those who really want to lock down.

Do you have any more details on HEY’s security?

Absolutely. Read this deep dive on HEY’s security to learn more about the steps we’ve taken to ensure that your account is safe from prying eyes.