Xiaomi is finally enabling two-factor authentication (2FA) for Mi accounts. It will start rolling off in MIUI 10 first. The feature will allow users to secure their accounts by receiving a special access code for login.
The company is adding device-based 2FA that sends a notification to another connected device when you try to login on another device with your Mi account. You will have to manually authorise the new device to allow the login or decline it. Whenever you attempt to log in from a new device or a new location, you will have to go through 2FA.
For now, there are two options but both are device-based authentication methods. You can either allow login on a different device by tapping the notification sent to your connected device. Or you will be sent a code to a connected device that can be entered on the new device to log in. There isn't an option to enable SMS-based 2FA yet but we think it will be added later.
Reported by XDA, having 2FA on your account will offer better security for the users, especially the ones who use Mi Cloud. Enthusiasts who play around with their Xiaomi devices to install custom software have to unlock their bootloader which can only be done using a Mi account. This makes it difficult for someone who would try to misuse the device access.