2FA with GMX

For even more secure email

  • Extra protection for your inbox

  • Use with authenticator app
  • Log in with one-time password
Mail icon with symbols representing two authentication factors

Two-factor authentication

Why should I set up 2FA?

Do you have concerns about cybersecurity? Would you like to boost the protection of your GMX email account? Have you heard about the security benefits of two-factor authentication, also known as 2FA, and wondered if it is for you?

This two-step verification process has several benefits:

Computer and smartphone icons with symbol representing 2FA
  • Even if your password should fall into the wrong hands, no one can log in to your email account without a time-based one-time password generated by an authenticator app on your smartphone.
  • Once you have enabled 2FA, you use it not only to log in to your email account on your computer, but also the GMX Mail App and GMX MailCheck – for better protection everywhere.
  • The security of GMX two-factor authentication extends to your associated email accounts, online calendars and address books, like Outlook and CalDAV.

How does two-factor authentication work?

Secure login made easy

Computer icon with password symbol

Web browser

When you log in to your GMX email account in your computer’s web browser, in addition to your password you must enter a 6-digit security code each time. You generate this code on your smartphone using a separate authentication app.

Smartphone icon with password symbol

GMX Mail App

When you activate 2FA, you will initially be logged out of your GMX Mail App. To log back in to the app, you need your password and a one-time 6-digit security code generated using a separate authentication app. You only have to do this once.

Computer, smartphone and password icons under the words “IMAP / POP3”

Third-party email programs

If you retrieve your emails via POP3/IMAP using an external email program such as Outlook or Thunderbird, you will be asked to enter an application-specific password once in your email program when you activate two-factor authentication.

Make your GMX mailbox more secure than ever with two-factor authentication!

Protection times two

How to generate a one-time password

Smartphone icon with mail symbol on screen next to symbol representing 2FA

2FA is a multifactor authentication process, with the second factor provided by an OTP (one-time password) app on your smartphone. This separate authentication app generates a six-digit security code for you to enter when using the two-factor authorisation. Therefore, you will need your smartphone and the app each time you log in to your email account on your computer as well as the first time you log in to the GMX Mail App after activating 2FA.

This means that if you do not have one already, you will have to install a free authenticator app on your smartphone in order to use 2FA. Once installed, such apps also work without a connection to a mobile network. Please see our GMX Help Center if you are not sure which authenticator app to use – we have put together a list for you.

To GMX Help


How do I set up two-factor authentication?

To activate two-factor authentication, log in to your GMX email account and go to ‘My Account’. Select > ‘Security Options’ > ‘Two-factor authentication’ > ‘Activate two-factor authentication’. You will now be guided through the activation process. Please have your smartphone at hand. During set-up, you will have to enter a confirmation code that will be sent by text message to your mobile phone number.

If you have not installed an authentication app on your smartphone, please do so before starting the 2FA set-up process. To activate 2FA you will have to enter a 6-digit security code (one-time password) generated by the app. To use two-factor authentication, you will always need your mobile phone and an authentication app.

Do I need two-factor authentication?

Only you can know! Using two-factor authentication will further improve the protection of your GMX mailbox. However, it does require more effort on your part, as you have to enter a security code in addition to your password and have your mobile phone at hand during login.

What is the second factor in two-factor authentication?

One you have activated two-factor authentication, you need both your account password and an additional one-time password (OTP) to log in – this is the ‘second factor’. The 6-digit code is generated by an authentication app on your smartphone and is only valid for a single entry. GMX uses time-based OTP (TOTP) technology, which also means that each code expires after 30 seconds. After that, a new one is created.

Do I always need my smartphone for 2FA?

If you use two-factor authentication to log in to your GMX email account in your computer´s web browser, you need a one-time password as the second factor in the two-step verification process. This six-digit code is generated each time by the authentication app you have installed on your smartphone.

You do not need your smartphone or the authentication app every time you want to log in to the GMX Mail App, as you only need to enter the generated code once. Similarly, you do not need a smartphone every time for external email programs – here you only need to save the app-specific password once.

What does ‘OTP‘ mean?

‘OTP’ means ‘One-time Password’. To be precise, GMX uses a technical standard called ‘TOTP’, which stands for ‘Time-based One-time Password’. This simply means that the password expires after a predefined window of time. If you don’t input the code within that limit, the system will automatically create a new one.

What is an ‘app-specific password’ and why do I need it one?

You need an app-specific password if you use an external email program such as Outlook or Thunderbird and retrieve your emails via POP3/IMAP. In order to set up two-factor authentication in such email programs, you must enter the app-specific password one time. Should you need an app-specific password for this purpose, you can create one during the 2FA activation process in your GMX account. Please note: You do not need an app-specific password to use two-factor authentication in your web browser or your GMX Mail App.

Why do I need a ‘secret key’?

Suppose you have activated two-factor authentication, but now forgotten your password or lost access to your authentication app. This means you will no longer be able to log in to your inbox. To regain access, you must initiate the password recovery process and enter your secret key when prompted. The secret key is automatically generated during the two-factor authentication set-up process. We recommend that you print the document with the secret key and keep it in a safe place.

Where can I find more help with this?

If you require more detailed instructions, for instance for the set-up process, the authentication app, or the app-specific password, please visit our GMX Help Center. Here you will find answers to these questions and many more.

No GMX account yet?