smiling man using smartphone and laptop activating 2fa

2FA with mail.com

Make your inbox even more secure

  • Apply double layer of protection

  • Two-step login process
  • Easy to activate and use
Smiling man in kitchen holds smartphone while entering code for 2FA on laptop

What is two-factor authentication?

The most important factor in protecting your email account is a strong password. But if you don’t want to rely on your password alone, it is possible to set up a two-step verification process known as two-factor authentication, or 2FA. This means that when you log in to your mail.com account, in addition to your password you will be asked to provide a second authentication factor, a six-digit one-time code generated by a separate app on your smartphone. Even if someone else knows your password, they will not be able to access your account without entering this code. Once you have activated 2FA, you use it to log in to your email account on your computer, the Mail App and MailCheck – for better protection any way you check your email. The security of this dual-factor authentication extends to your associated email accounts, online calendars and address books.

How do I set up two-factor authentication?

Activation is quick and easy

To give your mail.com inbox an extra layer of protection, you can activate two-factor authentication. Once 2FA is activated, you will be asked to provide a six-digit code in addition to your password when you log in.

Just follow these easy steps to activate:

Group of icons representing computer, smartphone and 2FA
  • You will find the 2FA settings in “My Account” under “Security Options.” Under “Two-factor authentication,” click on “Activate two-factor authentication” to start the setup assistant.
  • After entering your password, please save your cell phone number. A text message (SMS) will be sent to you containing a confirmation code. This step is necessary in case you need to recover your password in the future.
  • To use 2FA, you must have an authenticator app installed on your smartphone. If you do not yet have one, please download one now. Use this app to scan or copy the QR code. Now enter the 6-digit code that is shown in the app.
  • In the next step, your secret key will be shown. Please save and print this document. Now check that your contact information is correct – we will need this if you lose your secret key. Once you have confirmed your address, you are finished! Two-factor authentication has been activated.

Two is better than one

How to log in with 2FA

Computer icon with password symbol
In your web browser

After you enter your password, you will be required to enter a one-time password each time you log in. Generate this 6-digit code using a separate authentication app on your smartphone.

Smartphone icon with password symbol
In your mail.com app

To log back in to the app after activating 2FA, you must enter your password and the one-time 6-digit code generated using a separate authentication app. You only have to do this once.

Computer, smartphone and password icons beneath the words “IMAP / POP3”
With external email

If you use an external email program (like Outlook or Thunderbird) to retrieve your emails via POP3/IMAP, you will be asked to save an application-specific password in your email program one time.

The second factor

Your smartphone authentication app

Smartphone icon featuring email symbol alongside symbol representing two-factor authentication

2FA is a multifactor authentication process: the first security factor is your account password; the second, a one-time password (OTP). This means that if you have not done so already, you will have to download a free authentication app on your smartphone to activate and use our two-factor authorization process.

This authentication app generates a new six-digit security code for each login. So you will need your smartphone and the app each time you log in to your email account on your computer as well as the first time you log in to the mail.com app after activating 2FA. mail.com uses a Time-based One-time Password (TOTP) algorithm, which in this case means that the code generated by the app is valid for 30 seconds. So if you don’t use the password within that window, you’ll need to generate a new one to log in to your account.

Please visit the mail.com Help Center for a list of suitable authenticator apps if you are not sure which one to download.

To Help Center

Make your mailbox more secure than ever with two-factor authentication!

FAQs: 2FA

Do I really need two-factor authentication?

You can use your mail.com account with or without 2FA, so the choice is yours. When deciding whether to activate 2FA, think about your own email security needs. If others may have access to your email password, using two-factor authentication will give your mail.com account an additional layer of protection. However, it will require more effort to log in: You will have to enter a security code in addition to your password and have your smartphone available (see next question).

Do I need my smartphone for two-factor authentication?

Yes, you need a smartphone with an authentication app to set up 2FA and log in for the first time following activation. If you are using 2FA to log in to your mail email account in your computer´s web browser, you will need a one-time password each time as the second factor in the two-step verification process. Because this code is generated by the authentication app you have installed on your smartphone and is only valid for 30 seconds, you must have it at hand whenever you log in. However, you do not need your smartphone or the authenticator app every time you want to log in to the mail.com Mail App – you only need to enter the generated code once. Similarly, you do not need a smartphone every time for external email programs; here you save an app-specific password during activation (see next question).

What is an “app-specific password”?

When using two-factor authentication, you need an app-specific password if you use an external email program (e.g. Outlook or Thunderbird) to retrieve your emails via POP3 / IMAP. In such cases, to enable two-factor authentication you must enter the app-specific password one time. You create an app-specific password for this purpose during the 2FA activation process in your mail.com account. You do not need an app-specific password to log in to your web browser or mai.com app with two-factor authentication.

What exactly is the “secret key” I receive when I activate 2FA?

If you activate 2FA but forget your email password or lose access to your authentication app, you will no longer be able to log in to your mail.com account. To regain access, you have to use the password recovery process and provide your secret key code. When your secret key is generated during the two-factor authentication activation process, we strongly urge you to print it and keep it in a safe place.

I need more help with this!

If you require more detailed instructions, e.g. for the set-up process, the authentication app, or the app-specific password, please visit our Help Center. Here you will find answers to these questions and many more.

Still don’t have a mail.com account?