We do not currently offer 2-Factor Authentication to new SpiderOak One users. If you are a legacy user who already has 2-factor authentication enabled on your account, here is the process to request a token.
Any time you log in to your SpiderOak One account via the web, you will need to provide your current username, password, AND a 'token'. The 'token' will be sent to your mobile device and should be entered directly after your password with no spaces or marks between them. For example, if your password is 'red' and the token reads '1234' then you would simply enter 'red1234'.
Each 2-Factor Authentication token you receive is good for twelve hours and can be created here: Token Request. The text message you receive will look similar to the below:
SpiderOak Secure Login Token: 01234567 This code is good for 12 hours. If this login code was unexpected, email firstname.lastname@example.org
You can only request one token every twelve hours. If you try to request a token more frequently than twelve hours, subsequent attempts will silently fail. If two factor authentication is enabled for your account, any login attempt that does not include a current token will also fail (similar to entering an invalid password or a non-existent username).
Finally and as a reminder - even with two factor authentication, the usual recommendation still applies, and accessing your data via the desktop client is more secure than the web.
How to disable 2-factor authentication
Open the SpiderOak application on your computer (not on the web interface) and open the Account menu item. Select the Edit button next to "Credit Card / Billing Information". You will be taken to a secure web page. In the Security - Two Factor Authentication section at the bottom of the page, click on Edit. There you can disable two factor authentication.