Two-Factor Authentication
Add an extra layer of security to your SipherMail account
Even if someone obtains your password, they cannot access your account without the second factor:
- Time-based one-time password (TOTP) from an authenticator app
- Recovery codes (backup method)
- SMS codes (if enabled)
Recommended: Enable 2FA on all accounts that support it, especially email accounts.
Step 1: Go to Settings → Security → Two-Factor Authentication
Step 2: Click "Enable 2FA"
Step 3: Scan the QR code with your authenticator app
• Recommended apps: Google Authenticator, Authy, 1Password, Microsoft Authenticator
• The QR code contains a secret key that syncs with your device
Step 4: Enter the verification code
• Enter the 6-digit code from your authenticator app
• This confirms the setup is working correctly
Step 5: Save recovery codes
• Download or copy the recovery codes
• Store them in a secure location
• Use these if you lose access to your authenticator app
Recovery codes are single-use backup codes that allow you to access your account if you lose your authenticator device.
Important: Store recovery codes securely. If you lose both your authenticator app and recovery codes, you may be locked out of your account permanently.
You can generate new recovery codes at any time from Settings → Security → Recovery Codes. Generating new codes invalidates old ones.
To disable 2FA, go to Settings → Security → Two-Factor Authentication and click "Disable 2FA". You'll need to enter your current 2FA code or a recovery code to confirm.
Warning: Disabling 2FA reduces your account security. Only do this if necessary.