How to enable 2FA on Private Email
Two-Factor Authentication (2FA) is an option that provides an extra layer of security to your Private Email account in addition to your email and password. When Two-Factor Authentication is enabled, your account cannot be accessed by anyone unauthorized by you, even if they have stolen your password.
With Private Email, we provide two verification options:
- Google Authenticator or compatible - based on the TOTP method (Time-based One-Time Password)
- Yubikey, Google Security Keys, or compatible FIDO device - based on the U2F method
PLEASE NOTE: Two-Factor Authentication is only available for our web interface.
The settings for enabling 2FA can be found in the Private Email account >> Settings >> Security >> 2-Step Verification:
To configure Two-Factor Authentication using the TOTP method, you need to install the authentication tool on your device, e.g., Google Authenticator, Authy, LastPass Authenticator, etc.
1. Choose the Google Authenticator or compatible option from the 2-Step Verification menu in the Private Email account:
2. Then, scan the QR code with the authentication app you’ve installed on your device:
If, for some reason, you cannot scan the QR code, enter the text code shown below into your app as a Key manually.
3. Confirm by selecting the Time based option (the dot should appear on the right-hand side of the slider as in the image above).
4. After scanning the QR code or manually entering the text code, the app will display the six-digit authentication code you need to enter in your Private Email account to finish the setup:
5. Click Ok to add the authentication code. The next and final setting is Add Recovery Option. This option provides a backup code, which you will need to access your account if for any reason you are not able to check the authentication code:
6. Save the recovery code in a secure location, in whatever way is convenient for you, so that you can use it if needed.
Login to Private Email account with 2FA
In order to log in to your mailbox with 2FA enabled, you will need to enter the authentication code from the tool you configured in the previous step.
The code is valid for 30 seconds. As soon as the time expires, a new code is automatically generated, which again is valid for 30 seconds.
Click Next to proceed and log in to your email account:
PLEASE NOTE: You have only six attempts to enter the authentication code. Any further attempts will result in a temporary block on your account, which lasts six minutes before you can retry.
If, for some reason, you do not have access to the app on your device or the authentication code you’ve entered does not work, you can click I lost my device to log in using your saved backup code:
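How the six-digit, 30-second code described above is derived from the text key, shown as an added example that is not Private Email's own code. It follows RFC 6238 and assumes HMAC-SHA-1 (the Google Authenticator default); the key is the published RFC 6238 test secret, and the `verify` helper with its `drift_steps` clock-drift window is a hypothetical illustration, not a documented behaviour of the service.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # from the page: each code is valid for 30 seconds
DIGITS = 6         # from the page: six-digit authentication code

# Published RFC 6238 test secret in Base32 form; not a real account key.
RFC_TEST_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_key(text_key: str) -> bytes:
    """Decode the text key entered manually in the app (Base32).

    Apps usually show the key in lowercase groups, so spaces and case
    are normalised and any stripped '=' padding is restored.
    """
    cleaned = text_key.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(secret: bytes, unix_time: int) -> str:
    """Return the code for the 30-second step that contains unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, unix_time: int,
           drift_steps: int = 1) -> bool:
    """Hypothetical server-side check (assumption, not the service's logic).

    Accepts the current step plus drift_steps neighbouring steps on each
    side, and compares in constant time.
    """
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        candidate = totp(secret, unix_time + step * STEP_SECONDS)
        ok |= hmac.compare_digest(candidate, submitted)
    return ok


if __name__ == "__main__":
    key = decode_key(RFC_TEST_KEY)
    print(totp(key, 59), totp(key, 1111111111))
```

Because the code depends only on the shared key and the current time, a device whose clock is off by more than the accepted window produces codes that fail verification.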
Yubikey, Google Security Keys, or compatible FIDO device
This option provides a Universal Second Factor authentication method which helps you to protect your account using specialized physical devices. With U2F, the login is secured by the device as soon as you connect it over a USB port, so nothing is cached.
Once you’ve configured your device to work with Private Email, you will authenticate yourself with your username and password, and then prove you’re the legitimate owner of the account with a tap on the device.
To get started, you’ll need just a few things:
- A U2F security key. You can use any U2F key for 2FA, like the YubiKey authentication token.
- Google Chrome, Mozilla Firefox or Edge browser.
To configure U2F, you need to link your U2F key to your Private Email account.
To set up U2F Verification, choose Yubikey, Google Security Keys, or compatible FIDO device:
The next step will be to connect your U2F security key to your computer. For this, insert your U2F security key into your computer’s USB port and activate the device:
After that, you will see your installed device in the Verification Options.
You can rename it by clicking the Edit button if you want.
You can add Recovery Options in case you lose your U2F security key or are unable to use it for 2FA.
Click on Add recovery option >> Backup code to access your account and you will see the recovery code, which can be copied, printed, or downloaded:
Save the recovery code in a secure place and click Ok:
The next time you log into your Private Email account, a prompt will appear asking you to insert your U2F security key to complete the authorization.
If you want to delete a 2FA option you have set up, you can do so in Settings >> Security >> 2-Step Verification by clicking the Trash icon next to the option in question: