Two-Factor Authentication protects your Paddle account with an additional level of security. Also known as 2FA, this technology enables you to safeguard your confidential revenue, customer, and business data and block unauthorized users from accessing your account.
Setting up Two-Factor Authentication on Paddle
To set up 2FA, each user on your account needs to go to their User Settings page. You can use any Authenticator application on your smartphone or tablet such as 2FAS, Google Authenticator, or Microsoft Authenticator.
Before completing the 2FA setup process, you will receive 8 recovery codes which you can use to log in and disable 2FA on your account if you lose your phone. You need to download these codes and keep them in a secure place as we’ll only display them once.
If you lose them but still have access to your account, you can generate new recovery codes only by disabling and reactivating 2FA. During this process, you’ll need to scan the QR code again to add a new account in the Authenticator application, and the old account will stop working immediately.
Users who have installed the app and activated 2FA will be asked to enter the unique verification code created by the app each time they log in, in addition to their username and password.
By generating a one-time code each time you log in, you can be even more confident that your account is safe while mitigating the risk of a potential security breach.
What happens if one of our users gets locked out?
If you don’t have access to your phone, you can use one of the 8 recovery codes to log in to your account and disable 2FA.
In the event one of your users loses both their phone and their recovery codes or gets locked out, you can contact sellers@paddle.com. Our Seller Support team will help you regain access to your account once we have verified your identity.
Can 2FA be enabled for all users on my account?
Yes, all users can enable and use 2FA to secure their account. However, Admins cannot activate 2FA for all users at once. Instead, each user needs to manually opt in and activate 2FA themselves.
Admins can check the "2FA Status" for all of their users on the Team Members dashboard page.