2FA not working? Use the 2FA secret key to restore access

If you are like a lot of our users, you appreciate the extra security that 2FA gives your email account by requiring a second verification step at login. But what do you do if something goes wrong – like if you no longer have access to the “second factor” because of a problem with the device you use for authentication? Don’t panic – we will get through this together.

What can I do if I have a problem with 2FA?

Setting up two-factor authentication (2FA) is a great way to boost the security of a login process, because it means that even if another person somehow gets their hands on your password, they can’t access your email account. This is because you are asked to enter a second password, this time in the form of a one-time code generated by a separate authenticator app, whenever you log in. In other words, for 2FA to work, you need to enable it in the account in question, you need an authenticator app, and you need access to the device where this app is installed. Here’s where things can occasionally go wrong. Keep reading for troubleshooting tips for any 2FA issues you may be experiencing:
 
  1. What is a secret key?
  2. When should I use the secret key?
  3. What if I can’t find the secret key?
  4. What is a one-time password and what if it doesn’t work?
  5. What is an authenticator app and what if it doesn’t work?

What is a “secret key” and how do I get one?

Imagine you have a new device or cell phone number (best case) or have lost your phone (worst case) and so can’t use the app you had installed, but you still need a code for the login process. No worries – the people who developed 2FA also came up with a back-up plan: your secret key.

Your secret key is a kind of 2FA security key that was created as part of the two-factor authentication setup. It is a randomly generated series of numbers and characters that looks something like this: XXX33-44yyy-88ZZ8-5aaa5. During the mail.com 2FA activation process, you were provided with your secret key in a PDF file and prompted to save or print it:
 
[Screenshot: secret key creation screen in the 2FA activation process. Be sure to save your secret 2FA key some place where you can find it – and make a printout!]
 

What do I do if I can’t access my device or authentication app?

If you can’t log in with 2FA because you no longer have access to the device needed to generate a one-time code, or can’t use your authentication app for other reasons, you can deactivate two-factor authentication using your secret key. Simply initiate the password recovery process for your mail.com account. During the password reset process, you will be prompted to enter the secret key, and 2FA will be deactivated.

[Screenshot: prompt to enter the secret key during the password recovery process. You can deactivate 2FA by initiating the password reset process and entering your secret key when prompted.]

If you like, you can then reactivate 2FA by following the same setup process you originally used (which can be found under My Account > Security Options in your mail.com account).

What do I do if I can’t find my secret key?

There is a good chance your computer remembers what you did with your 2FA key even if you don’t! So if you can’t find your printout with the secret key, check if the PDF is still in the download folder of your computer. You may also have saved the file in a different location on your hard drive. Take a moment to check using the Windows File Explorer or Mac Finder search function – if you didn’t change the file name when you saved it, it should be called “Secret Key”.

If none of this helps locate your secret key, you can contact our Help Center so we can attempt to verify your identity. However, please keep in mind that the purpose of 2FA is to protect your email account. This means we take the verification process very seriously, and it can therefore be difficult and take some time.

What is a one-time password?

A one-time password, or OTP, provides the second verification method. It is not the same thing as the secret key that you have to keep track of. The OTP is generated by the authenticator app, and it serves as your “second password” for logging into your account. As the name implies, you can only use it one time. Each time you want to log into an account protected by 2FA, you open your authentication app and it provides you with a new OTP. If the OTP generated by your authenticator app does not seem to work or you mistype it, simply wait for a new one to be generated – usually every 60 seconds.

What is an authenticator app?

An authenticator app is an application that you download onto your device and that provides the codes you need for 2FA. Along with the mail.com mail app, many other apps and websites encourage you to use an authenticator app for secure login and for keeping your account secure. We recommend the Microsoft Authenticator app, but you can use whichever you prefer. You'll find more suggestions in our deep dive on OTPs and authenticator apps.

Besides losing access to the app, let’s look at two problems that can occur with an authentication app and how to troubleshoot them.  
  • “I did not receive the code” – Making sure the date and time on your phone are correct, especially during daylight saving time, can make all the difference. If the date and time on your device are not correct and synced, you may not receive the code.
  • “I have a new device and need to transfer my authentication app” – This problem is easily solved by backup and recovery. If you use an iOS or Android device and have backed up your information to the cloud, transferring it is simple: download the authenticator app on your new device, open it, and select “begin recovery.” You will then be prompted to sign in using your credentials.
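
Why the device clock matters, as an added example that is not mail.com's code: it assumes the authenticator app produces standard time-based OTPs (RFC 6238), which the article does not state, and that the server accepts one neighbouring time step (a hypothetical `window=1`). The `secret` here is the seed shared between app and server, not the recovery "secret key" from the PDF; `step` defaults to the 60 seconds mentioned above (the RFC default is 30).

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) keyed on the number of elapsed time steps."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, server_time: int,
           step: int = 60, window: int = 1):
    """Server-side check (assumed policy): accept the current step and
    +/- `window` neighbouring steps. Returns the matching step offset,
    or None when the code is rejected."""
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * step, step)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return drift
    return None


def demo():
    """Compare codes from phones with different clock errors against one server."""
    secret = b"12345678901234567890"  # constructed sample seed (RFC 6238 test key)
    server_now = 1_700_000_000        # constructed server clock, in Unix seconds
    results = {}
    for label, skew in [("in sync", 0), ("45 s slow", -45), ("10 min fast", 600)]:
        code_on_phone = totp(secret, server_now + skew)  # what the app displays
        results[label] = verify(secret, code_on_phone, server_now)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        status = "rejected" if outcome is None else f"accepted (step offset {outcome})"
        print(f"{label:12} -> {status}")
```

A phone whose clock is a few seconds off still lands inside the accepted window, while one that is minutes off shows a perfectly valid-looking code that the server rejects, which is why syncing the date and time fixes the problem.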
Good to know: Make sure that you have saved at least one valid contact option for your mail.com email account under My Account > Security Options. We need a valid alternative email address or cell phone number in order to send you a password recovery link. Not having this contact information saved will slow down the password recovery process, including the deactivation of 2FA. The personal data you save in your account may also be used during the process of verifying your identity, so please make sure it is accurate and up to date.

We hope we were able to help you get 2FA working again!

This article first appeared on August 12, 2021 and was updated on November 10, 2022.
