To help protect your Plex account from unauthorized access, you can enable two-factor authentication (also often referred to as “2-Factor Auth” or “2FA”). This makes it so that you need two separate “factors” to be able to sign in to the account: both the regular account password as well as an independent form of authentication that only you know (e.g. a verification code from an authenticator app).
Once you’ve enabled 2FA, you will then need both your account password and the secondary authentication when you sign in to your account in a Plex app or on the website.
Warning: If you are part of a Plex Home, then there will not be any extra prompt for 2FA when switching between members of the Home. You should not join another Plex Home or add anyone to your own Plex Home that you do not live with and do not trust with account access.
How to Enable Two-Factor Authentication (2FA)
Tip!: Two-Factor Authentication setup requires the latest version of our web app. Make sure that you use our hosted app for the setup, as opposed to the local/bundled version that comes with Plex Media Server.
To enable two-factor authentication on your Plex account, first sign in and visit your Account page. On that page, you’ll find a Two-Factor Authentication section, which you can open up. There, you can use the Enable button to open a modal and start setting up 2FA for your account.
Note: Before you can enable 2FA, your Plex account does need a separate password. That means that if you only use Apple/Facebook/Google to sign in to your account, you may need to first create/set a password on your Account page.
After confirming your account password, you’ll see a screen that has a QR code and some instructions.
You’ll need a compatible authenticator app on your phone, tablet, or computer. Any app that uses the standard TOTP protocol should work fine. Some popular example apps:
Almost all such apps will allow you to use the camera on the mobile device or a screen capture to read the QR code image. In cases where that doesn’t work, you can manually add Plex to the authenticator app using the “text code” that’s also provided.
Once you’ve linked Plex in the authenticator app, it will display a 6-digit verification code. Submit that code in the 2FA setup flow in Plex to complete the link.
The setup will then display a set of 10 recovery codes for you, along with a button that makes it easy to copy them to your clipboard.
Warning!: Make sure that you copy and store these recovery codes in a safe place that you can access without your mobile device. If you lose your authenticator app, a recovery code is the only way you will be able to sign in to the Plex account! These are single-use codes.
When you’ve safely stored the recovery codes, you can finish the flow and your account is now protected by two-factor authentication.
Signing in with 2FA
Once you’ve enabled 2FA on your account, you will be prompted to provide the extra authentication when signing in to that account. Generally speaking, this will occur as a two-step process:
- Submit the email address (or username) and password
- Get prompted to provide the second factor verification code
Old Third-Party Apps & Tools
In the very rare case where you’re using a Plex app that doesn’t directly support 2FA verification (which typically means it’s a third-party app or tool that isn’t using our standard authentication methods), you can still sign in via 2FA. Specifically, you append a valid verification code to the end of the password when submitting:
For instance, imagine that your password is “secret” (please, please use a strong, unique password) and that you check your authenticator app and receive the verification code “123456”. You would then submit secret123456 as the password.
If you do run into an app or tool that requires this, we encourage you to contact the author and suggest that they update their app to use the recommended authentication method (see information below in the FAQ section).
Remove or Manage 2FA
Once you have enabled two-factor authentication on your Plex account, you can manage that at any time in the same place: your Account page. There, you can generate new recovery codes or disable 2FA, if desired.
During the initial setup process, a set of recovery codes is provided. Those are extremely important, since that’s the only way that you can authenticate your account if you lose access to the regular authenticator app.
If you happen to lose (or use) your recovery codes, you can have a fresh batch generated on your Account page. To do so, you’ll need to authenticate with both your password and a valid verification code. Once you do so:
- A new set of 10, single-use codes will be provided to you
- All the previous recovery codes for your account will be invalidated
Make sure that you store your recovery codes in a secure place that you can access when needed. (e.g. Don’t store them on your mobile device, since if you lose it, you would lose both the authenticator app and the recovery codes at the same time.)
Removing Two-Factor Authentication
From the Account page, you can also disable two-factor authentication on the Plex account. To do so, you’ll need to provide a valid verification code. So, if you lost your authenticator app and wish to disable 2FA, then you would need to use a recovery code to do so.
Frequently Asked Questions
There are a number of common questions that users have regarding two-factor authentication.
What if I lose my authenticator app?
If you lose access to your authenticator app (such as by losing your phone), then you’ll need to use one of your recovery codes to access your account. You can then use another recovery code to disable the existing 2FA setup, which will then allow you to enable it again and link with a new authenticator app.
What if I lose my recovery codes?
Definitely don’t do that. If you can no longer use your authenticator app and you lose your recovery codes, then you will no longer be able to access your Plex account.
Don’t let that happen! Make sure that you safely and securely store your recovery codes in a place where you can access them if you lose access to your authenticator app. For instance, don’t store them on your phone, since you’d lose access to both the authenticator app and the recovery codes if you lost your phone.
Can I have verification codes sent to my phone by text message?
We do not currently support sending verification codes by text message/SMS. You must use a compatible authenticator app instead.
(It’s worth noting that most security professionals consider SMS-based verification to be less secure than using an authenticator app.)
Related Page: SMS: The most popular and least secure 2FA method
Related Page: Why 2FA SMS is a Bad Idea
Related Page: Why You Shouldn’t Use SMS for Two-Factor Authentication
If I use Apple/Facebook/Google to sign in, do I get prompted for 2FA?
Imagine that you have a password on your Plex account and have set up 2FA. You’ve also linked your Apple ID to your account:
- If you sign in using your Plex email & password, you will be prompted for your 2FA verification code
- If you instead “Sign in with Apple”, then Apple’s authentication is used and you would not be prompted by Plex for 2FA verification (if you have 2FA set up on your Apple account, then Apple might prompt you to verify)
What about third-party apps or tools?
Third-party apps and tools can still allow you to sign in to a Plex account, even if it’s protected by 2FA. The correct way for the app to do so is by making use of the method outlined in our third-party development forum.
Related Page: Forums: Authenticating with Plex
In very rare cases, though, the third-party app/tool may prompt you to sign in directly in the app/tool, but not support 2FA. In these cases, you can still make use of 2FA by adjusting the password you submit. For details, see the earlier information about how to sign in with 2FA.