Why should I set up 2FA?
Secure login made easy
How to generate a one-time password
To activate two-factor authentication, log in to your GMX email account and go to ‘My Account’. Select > ‘Security Options’ > ‘Two-factor authentication’ > ‘Activate two-factor authentication’. You will now be guided through the activation process. Please have your smartphone at hand. During set-up, you will have to enter a confirmation code that will be sent by text message to your mobile phone number.
If you have not installed an authentication app on your smartphone, please do so before starting the 2FA set-up process. To activate 2FA you will have to enter a 6-digit security code (one-time password) generated by the app. To use two-factor authentication, you will always need your mobile phone and an authentication app.
Only you can know! Using two-factor authentication will further improve the protection of your GMX mailbox. However, it does require more effort on your part, as you have to enter a security code in addition to your password and have your mobile phone at hand during login.
One you have activated two-factor authentication, you need both your account password and an additional one-time password (OTP) to log in – this is the ‘second factor’. The 6-digit code is generated by an authentication app on your smartphone and is only valid for a single entry. GMX uses time-based OTP (TOTP) technology, which also means that each code expires after 30 seconds. After that, a new one is created.
If you use two-factor authentication to log in to your GMX email account in your computer´s web browser, you need a one-time password as the second factor in the two-step verification process. This six-digit code is generated each time by the authentication app you have installed on your smartphone.
You do not need your smartphone or the authentication app every time you want to log in to the GMX Mail App, as you only need to enter the generated code once. Similarly, you do not need a smartphone every time for external email programs – here you only need to save the app-specific password once.
‘OTP’ means ‘One-time Password’. To be precise, GMX uses a technical standard called ‘TOTP’, which stands for ‘Time-based One-time Password’. This simply means that the password expires after a predefined window of time. If you don’t input the code within that limit, the system will automatically create a new one.
You need an app-specific password if you use an external email program such as Outlook or Thunderbird and retrieve your emails via POP3/IMAP. In order to set up two-factor authentication in such email programs, you must enter the app-specific password one time. Should you need an app-specific password for this purpose, you can create one during the 2FA activation process in your GMX account. Please note: You do not need an app-specific password to use two-factor authentication in your web browser or your GMX Mail App.
Suppose you have activated two-factor authentication, but now forgotten your password or lost access to your authentication app. This means you will no longer be able to log in to your inbox. To regain access, you must initiate the password recovery process and enter your secret key when prompted. The secret key is automatically generated during the two-factor authentication set-up process. We recommend that you print the document with the secret key and keep it in a safe place.
If you require more detailed instructions, for instance for the set-up process, the authentication app, or the app-specific password, please visit our GMX Help Center. Here you will find answers to these questions and many more.