Login with email (OTP and Google)

Last updated: June 15, 2026

Overview

Safe{Wallet} supports three authentication methods:

  • Email OTP — a one-time code sent to your email address

  • Google sign-in — OAuth via your Google account

  • Sign-In With Ethereum (SIWE) — the existing wallet-based login

Email OTP and Google sign-in are referred to collectively as passwordless email authentication. They are equivalent in security posture and grant the same Workspace permissions. The choice is operational, not security-driven.

Email authentication is required to use a Workspace as a non-signer. It is optional for users who hold Safe owner keys — those users can continue to log in with their wallet.

Login with email OTP

  1. From the Safe{Wallet} login screen, select Continue with email.

  2. Enter your email address.

  3. Check your inbox for a 6-digit one-time code. The code is valid for 10 minutes.

  4. Enter the code to complete sign-in.

If you do not receive the code within two minutes, check your spam folder and confirm the email address. You can request a new code from the login screen.

Login with Google

  1. From the Safe{Wallet} login screen, select Continue with Google.

  2. Authorize Safe{Wallet} in the Google consent screen.

  3. You will be returned to Safe{Wallet} and signed in.

Google sign-in uses standard OAuth 2.0. Safe{Wallet} requests only the email and basic profile scope and does not access Drive, Calendar, or any other Google service.

Connecting an email login to an existing wallet account

If you already use Safe{Wallet} with a wallet and want to add email login to the same account:

  1. Sign in with your wallet as usual.

  2. Open Account settings.

  3. Select Connected sign-in methods and add an email or Google account.

  4. Confirm the verification step from your email.

Once linked, you can sign in with either method and access the same Workspace memberships and permissions.

Security and data handling

  • Email login authorizes Workspace access only. It does not grant signing authority over any Safe. To approve a Safe transaction you must still hold an owner key or use a Passkey signer linked to the Safe.

  • Email addresses are stored encrypted at rest. See How is email stored? for details on the Auth0 integration, encryption, and GDPR posture.

  • Email login sessions expire after 24 hours of inactivity. Sensitive operations (changing roles, removing members) prompt a fresh authentication.

Troubleshooting

OTP code did not arrive. Confirm the email address. Check spam. Allow up to two minutes for delivery. Some corporate mail servers delay first-time senders — add noreply@safe.global to your safe-senders list.

Google sign-in shows "Account already exists with this email." This means an email-OTP account already exists for this address. Sign in with email OTP, then link your Google account from Account settings.

I lost access to my email. Contact your Workspace Admin. They can update your member record to a new email address and re-issue an invitation.