23andMe · 23andMe Privacy Statement · View original document ↗

Two-factor authentication account protection

Medium severity High confidence Explicitdocumentlanguage Common · 266 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for 23andMe Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.

This analysis describes what 23andMe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The use of 2-factor authentication represents a specific security measure applied to user accounts, which is relevant to assessing the baseline protection 23andMe provides for account access.

Recent Activity

This document changed recently

Medium May 5, 2026

The updated privacy statement no longer explicitly directs users to a separate Medical Record Privacy Notice for telehealth services or explains that medical information collected through telehealth is governed by different privacy rules. Previously, the policy stated that users choosing telehealth services coordinated through 23andMe would find healthcare privacy protections described in a separate notice. That reference is now absent from the main privacy statement. Users seeking privacy information specific to telehealth services will need to determine independently whether a separate notice exists or contact 23andMe directly using the provided contact information.

View change record →
Medium Mar 23, 2026

The updated privacy statement no longer explicitly discloses a separate Medical Record Privacy Notice that previously described how medical information is used, disclosed, and maintained for telehealth services. Users who receive telehealth services coordinated through 23andMe may now lack clear notice of which privacy framework governs their medical records, since the reference to that parallel notice has been removed. The organizational scope change from '23andMe Research Institute' to '23andMe' narrows the explicitly named entities responsible for the policy, though operational impact depends on how these entities actually function.

View change record →

Clause Stability Stable

0
Changes
3
Months Monitored
Jul 10, 2026
First Seen
Jul 10, 2026
Last Seen
This clause type exists across 1952 other provisions on other platforms.

Consumer impact (what this means for users)

The reader's 23andMe account is protected by 2-factor authentication as a stated security measure.

How other platforms handle this

Tinder Medium

Use another user's account or share your account with another person;

Twitch Medium

Please make sure the information you provide to Twitch upon registration and at all other times is true, accurate, current, and complete to the best of your knowledge.

Walgreens Medium

If the Services require you to create an account or provide personal information, you agree to submit accurate, complete information, and to update it as appropriate.

See all platforms with this clause type →

Monitoring

23andMe has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Your account is protected with 2-factor authentication.

— Excerpt from 23andMe's 23andMe Privacy Statement

Applicable regulations

CFAA
United States Federal

Provision details

Document information
Document
23andMe Privacy Statement
Entity
23andMe
Document last updated
May 5, 2026
Tracking information
First tracked
July 9, 2026
Last verified
July 9, 2026
Record ID
CA-P-026182
Document ID
CA-D-00148
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
84a7d427df1aaecf20068443719f4fe644ec63786924fac774f611468fc0435b
Analysis generated
July 9, 2026 07:23 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: 23andMe
Document: 23andMe Privacy Statement
Record ID: CA-P-026182
Captured: 2026-07-09 07:23:55 UTC
SHA-256: 84a7d427df1aaecf…
URL: https://conductatlas.com/platform/23andme/23andme-privacy-statement/provision/CA-P-026182/two-factor-authentication-account-protection/
Accessed: July 13, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does 23andMe's Two-factor authentication account protection clause do?

The use of 2-factor authentication represents a specific security measure applied to user accounts, which is relevant to assessing the baseline protection 23andMe provides for account access.

How does this clause affect you?

The reader's 23andMe account is protected by 2-factor authentication as a stated security measure.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 266 platforms. See the full comparison.

Is ConductAtlas affiliated with 23andMe?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by 23andMe.