
2FA for email with mail.com

Make your inbox even more secure

  • Apply double layer of protection

  • Two-step login process
  • Easy to activate and use

What is two-factor authentication?

The most important factor in protecting your email account is a strong password. But if you don’t want to rely on your password alone, it is possible to set up a two-step verification process known as two-factor authentication, or 2FA, for your email. Once you have activated 2FA, you enter a second, randomly generated code each time you log in to your mail.com email account on your computer, and one time when logging in to the Mail App. This gives you better protection any way you check your email, and the security of this dual-factor authentication extends to your associated email accounts, online calendars and address books.

What happens when you turn on two-step verification?

Once you activate 2FA for your email, when you log in you will be asked to provide a second authentication factor in addition to your password: a six-digit one-time code generated by a separate app on your smartphone. Even if someone else knows your password, they will not be able to access your account without entering this code.

How do I set up two-factor authentication for email?

Activation is quick and easy

To give your mail.com inbox an extra layer of protection, you can activate two-factor authentication. Once this 2-step verification is activated, you will be asked to provide a six-digit code in addition to your password when you log in.


How to enable 2FA in four easy steps


  1. You will find the 2FA settings in “My Account” under “Frequently Searched.” Click “Two-factor authentication” > “Start setup now” to start the activation process.

  2. After entering your password, please save your cell phone number. A text message (SMS) will be sent to you containing a confirmation code. This step is necessary in case you need to recover your password in the future.

  3. To use 2FA, you must have an authenticator app installed on your smartphone. If you do not yet have one, please download one now. Use this app to scan or copy the QR code. Now enter the 6-digit code that is shown in the app.

  4. In the next step, your secret key will be shown. Please save and print this document. Now check that your contact information is correct – we will need this if you lose your secret key. Once you have confirmed your address, you are finished! Two-factor authentication has been activated.

How to log in with 2FA

Two is better than one

In your web browser

After you enter your password, you will be required to enter a one-time password each time you log in. Generate this 6-digit code using a separate authentication app on your smartphone.

In your mail.com app

To log back in to the app after activating 2FA, you must enter your password and the one-time 6-digit code generated using a separate authentication app. You only have to do this once.

With external email

If you use an external email program (like Outlook or Thunderbird) to retrieve your emails via POP3/IMAP, you will be asked to save an application-specific password in your email program one time.

Your smartphone authentication app

The second factor


2FA is a multifactor authentication process: the first security factor is your account password; the second, a one-time password (OTP). This means that if you have not done so already, you will have to download a free authentication app on your smartphone to activate and use our two-factor authentication process.

This authentication app generates a new six-digit security code for each login. So you will need your smartphone and the app each time you log in to your email account on your computer as well as the first time you log in to the mail.com app after activating 2FA. mail.com uses a Time-based One-time Password (TOTP) algorithm, which in this case means that the code generated by the app is valid for 30 seconds. So if you don’t use the password within that window, you’ll need to generate a new one to log in to your account.
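The 30-second validity window described above follows from how TOTP derives each code from a shared secret and the current time. The Python sketch below is an added example, not mail.com's code: it assumes the RFC 6238 default of HMAC-SHA1 alongside the six digits and 30-second step stated on this page, uses the RFC's published test key as a constructed sample secret, and the drift window and replay check in `verify` are illustrative choices.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays valid (stated on this page)
DIGITS = 6   # code length (stated on this page)


def decode_secret(b32: str) -> bytes:
    """Authenticator apps receive the shared secret Base32-encoded."""
    b32 = b32.replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC the 8-byte counter, then dynamically truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: the counter is the number of whole 30 s steps since 1970."""
    return hotp(secret, unix_time // STEP)


def verify(secret: bytes, submitted: str, unix_time: int,
           last_used: int = -1, drift_steps: int = 1):
    """Server-side check (assumed policy). Returns the matched step or None.
    drift_steps tolerates clock skew; last_used blocks replay of a used code."""
    current = unix_time // STEP
    for counter in range(current - drift_steps, current + drift_steps + 1):
        if counter <= last_used:
            continue  # this step's code was already accepted once
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return counter
    return None


if __name__ == "__main__":
    # Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890"
    secret = decode_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print(totp(secret, 1111111109), totp(secret, 1111111111))  # adjacent steps
    print(verify(secret, "081804", 1111111111))                 # accepted via drift
    print(verify(secret, "081804", 1111111111, drift_steps=0))  # expired
```

Storing the returned step as `last_used` after a successful login is what makes each code single-use even inside its validity window.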

Please visit the mail.com Help Center for a list of suitable authenticator apps if you are not sure which one to download.


Make your mailbox more secure than ever with two-factor authentication!

FAQs: 2FA

Do I really need two-factor authentication?

You can use your mail.com account with or without 2FA, so the choice is yours. When deciding whether to activate 2FA, think about your own email security needs. If others may have access to your email password, using two-factor authentication will give your mail.com account an additional layer of protection. However, it will require more effort to log in: You will have to enter a security code in addition to your password and have your smartphone available (see next question).

Do I need my smartphone for two-factor authentication?

Yes, you need a smartphone with an authentication app to set up 2FA and log in for the first time following activation. If you are using 2FA to log in to your mail.com email account in your computer's web browser, you will need a one-time password each time as the second factor in the two-step verification process. Because this code is generated by the authentication app you have installed on your smartphone and is only valid for 30 seconds, you must have it at hand whenever you log in. However, you do not need your smartphone or the authenticator app every time you want to log in to the mail.com Mail App – you only need to enter the generated code once. Similarly, you do not need a smartphone every time for external email programs; here you save an app-specific password during activation (see next question).

What is an “app-specific password”?

When using two-factor authentication, you need an app-specific password if you use an external email program (e.g. Outlook or Thunderbird) to retrieve your emails via POP3 / IMAP. In such cases, to enable two-factor authentication you must enter the app-specific password one time. You create an app-specific password for this purpose during the 2FA activation process in your mail.com account. You do not need an app-specific password to log in via your web browser or the mail.com app with two-factor authentication.

What exactly is the “secret key” I receive when I activate 2FA?

If you activate 2FA but forget your email password or lose access to your authentication app, you will no longer be able to log in to your mail.com account. To regain access, you have to use the password recovery process and provide your secret key code. When your secret key is generated during the two-factor authentication activation process, we strongly urge you to print it and keep it in a safe place.

What are the advantages of 2FA for email?

The main advantage of 2FA for your email is that it keeps your account safe even if your password is hacked. If someone else gets their hands on your password by phishing or even guessing it, they still won’t be able to use it to log into your emails without the second factor of entering the code.

Why did I receive an urgent 2FA activation email?

Have you received an email claiming that you must activate two-factor authentication for an online account immediately? Be careful – this is probably a phishing scam! The 2FA email might state that you have to enable 2FA on your account (or re-authenticate) for security purposes, and that if you don’t act quickly, you will be locked out of your account. The email will have a button or link for you to click to “Activate 2FA”, “Enable Extra Security”, “Protect Your Account Now” or similar.

Unfortunately, such two-factor verification email scams are becoming more common. If you click on the button, you will be taken to a fake login page designed to steal your password or other personal information. Once the scammers have your login credentials, they can access and take over your real account.

If you receive an email that puts you under pressure by claiming that you must take immediate action, it is most likely a scam and you should exercise caution. Please note that mail.com will never send you an email asking you to activate 2FA.
