We have switched all users to email code based logins. You can easily switch back.


As a security measure, we have switched all users to login using secret codes sent via email. We understand this might be confusing and inconvenient, and we’re sorry.

We made this change to protect users who do not use secure passwords from a common attack called credential stuffing, which was recently attempted against Workflowy. If you use a password manager and prefer passwords, you can easily switch back to a password here.

Also, some logged in users are reporting trouble logging in after this change, but it seems to be resolving itself after reloading.

If you have any problems not addressed above, please email help@workflowy.com and we will address your problems ASAP.


Workflowy replaces your notebooks, stickies and bloated apps with a simple, smooth digital notebook that makes it easy to get organized and be productive.

Share on twitter
Share on facebook
Share on linkedin
Share on email

7 Responses

  1. GREAT ! Thanks for this! Works fine on my end. I’ve been using a password manager myself, but I really like this change and will keep it. I appreciate your taking the time and care to provide this new solution based on the recent attacks.

  2. Hello and thanks for the update.

    While I agree with the measures taken, the email I received to inform me of this had deep links in the 3 urls presented while the blog above shows the urls correctly and informs the user where they are being sent.

    I feel that this is worth pointing out as a user does not know where they are being sent in the email very clearly, presenting the information clearly and transparently is important otherwise it looks like it could be a malicious email. I’d be interested to hear your/other opinions about this or if I am mistaken. Best regards.

  3. Yeap, this explains why my old Workflowy Chrome app finally stopped working 🙂 I am still surprised that I was able to use the old version for so long despite all the changes that were made. I really like all new changes but there was one hidden feature in the old app that kept me from moving to the latest version – the ability to turn off the animations. There was a nice flag called NO_ANIMATIONS. @Jesse – Do you think it would be possible to add this feature to the current version of the app? Even if only from the code level.

  4. As much as we appreciate this, it does not even remotely replace 2FA! We’ve been waiting for two-factor authentication for years and we hope it is on top of your pipeline, especially given the latest developments!

Leave a Comment

Subscribe to the newsletter

We'll send you a weekly roundup of the latest posts

%d bloggers like this: