Our magic-link sign-in already eliminates the biggest attack vector — password reuse — because there are no passwords. Each sign-in requires a fresh email-delivered link with a 60-minute expiry.
That said, traditional 2FA (SMS or authenticator app) is on the roadmap for late 2026 for users who want belt-and-suspenders security. If you want early access to test it, email submissions@bridgecapital.io.