Docs: Two-Factor Authentication (MFA)
What is MFA?
-
Multi-factor authentication (MFA) adds an extra layer of security to your Letterbox account.
-
When enabled, you need both your password and a time-based code from an authenticator app to log in.
-
This protects your account even if your password is compromised.
Supported authenticator apps
-
Google Authenticator (Android, iOS)
-
Authy (Android, iOS, Desktop)
-
Microsoft Authenticator (Android, iOS)
-
Any TOTP-compatible authenticator app will work.
Setting up MFA
-
Log in and go to your Profile page.
-
Click the "two-factor auth" button in the account details section.
-
Click "Enable MFA" and copy the secret key into your authenticator app.
-
Enter the 6-digit code from your authenticator app to verify and complete setup.
-
Save the recovery codes shown after setup in a safe place.
Logging in with MFA
-
Enter your email and password as usual.
-
You will be prompted for a 6-digit code from your authenticator app.
-
Enter the current code and you will be logged in.
Recovery codes
-
When you enable MFA, you receive 8 one-time recovery codes.
-
Each recovery code can only be used once to log in.
-
Store these codes securely (e.g. in a password manager or printed in a safe place).
-
You can regenerate recovery codes from the MFA settings page, which will invalidate all previous codes.
Disabling MFA
-
Go to Profile, click "two-factor auth", then "Disable MFA".
-
After disabling, only your password will be required to log in.
Troubleshooting
-
If your codes are not working, check that your device clock is accurate. TOTP codes depend on time synchronisation.
-
If you have lost access to your authenticator app, use one of your recovery codes to log in.
-
If you have lost both your authenticator app and recovery codes, contact support for help regaining access.