# Users can't login with 2FA via email (Severity 2) **Problem**: Free-tier users could not log in with email-based two-factor authentication, receiving 403 errors after entering their 2FA code. **Impact**: Free-tier users who relied on email-based two-factor authentication were unable to log in for about 14 hours. Approximately 40 support tickets were opened due to this issue. After the Cloudflare rule was updated, affected users and team members confirmed successful logins. **Causes**: Cloudflare's managed challenge was triggered on XHR sign-in requests, blocking authentication attempts with email-based 2FA for free-tier users. This challenge was due to a recent Cloudflare rule, which resulted in 403 errors and prevented logins. Exempting these sign-in requests from the Cloudflare rule resolved the issue. **Response strategy**: We escalated the issue to the authentication and network teams, confirmed Cloudflare's rule was causing the problem, and updated Cloudflare configuration to exempt the affected sign-in requests. This restored access for users. We continue to monitor for recurrence and are investigating what triggered the Cloudflare behavior. _This ticket was created to track_ [_INC-8925_](https://app.incident.io/gitlab/incidents/8925)_, by_ [_incident.io_](https://app.incident.io) 🔥