Skip to content
  • There are no suggestions because the search field is empty.

Set up and manage multi-factor authentication (MFA)

Multi-factor authentication (MFA) adds a second check at sign-in, so even if someone learns your password, they still can't get into your account. You can now set up more than one verification method and choose which to use each time you sign in.

The methods you can use

You can add any combination of these methods from your security settings:

  • Passkey: Sign in with your device's fingerprint, face, or screen lock, or with a hardware security key. It's the fastest and most secure option, with nothing to type or copy. Each passkey is tied to the device you set it up on, so most people add one per device.
  • Authenticator app: A 6-digit code that refreshes every 30 seconds in an app such as Google Authenticator, Microsoft Authenticator, Authy, or 1Password. You scan a QR code once during setup, and it works without cell signal or email.
  • Text message: We text a one-time code via SMS to your cell phone. You can add or update your phone number during setup.
  • Email: We email a one-time code to your account's email address. This stays available as a fallback
  • Recovery codes: A set of one-time backup codes you can save somewhere safe, like a password manager or a printed copy locked away. If you ever lose your phone or your passkey device, you can sign in with a recovery code. Each code works once, and you can generate a fresh set anytime

How to add a method

  1. Log in to your Paubox account
  2. In the left navigation, click on your user icon
  3. Go to Profile > Security
  4. On the Security card, select Add a method
  5. Pick the method type 
  6. Give the method a name, like "Work laptop" or "Personal phone," so you can tell your methods apart

How to manage your methods

Everything lives on the Profile > Security card:

  • Name your methods so you can identify each one at a glance
  • See when each method was last used to help you spot and clean up any you no longer recognize
  • Remove a method using the confirmation step, so you don't remove one by accident

Two guardrails protect you from getting locked out:

  • You can't remove your last remaining method. There's always at least one way back in
  • Email always stays available as a fallback and can't be removed

What signing in looks like

  1. Enter your username and password as usual or use SSO.
  2. If you have one method, we send or prompt it automatically. If you have several, you choose which to use.
  3. Complete the check by approving the passkey or entering the code.
  4. If you're stuck after losing a phone or moving to a new device, choose Use a recovery code. This option appears only if you've generated recovery codes.

First-time setup

You'll be guided to set up a method right after you sign in. Once that's done, you'll land on your normal home page. You can add more methods and recovery codes anytime from Profile > Security.

Frequently asked questions

Do I have to use passkeys?
No. Passkeys are the recommended option, but text, authenticator app, and email all still work.

What if I get a new phone?
Add a method on the new device first, or use a recovery code to sign in, then update your methods.

Are my old settings affected?
No. If you already had text or email MFA, it keeps working. You can now simply add more.