To help protect your Plex account from unauthorized access, you can enable two-factor authentication (also often referred to as “2-Factor Auth” or “2FA”). This makes it so that you need two separate “factors” to be able to sign in to the account: both the regular account password as well as an independent form of authentication that only you know (e.g. a verification code from an authenticator app).
Once you’ve enabled 2FA, you will then need both your account password and the secondary authentication when you sign in to your account in a Plex app or on the website.
Warning: If you are part of a Plex Home, then there will not be any extra prompt for 2FA when switching between members of the Home. You should not join another Plex Home or add anyone to your own Plex Home that you do not live with and do not trust with account access.
How to Enable Two-Factor Authentication (2FA)
To enable two-factor authentication on your Plex account, first sign in and visit your Account page. On that page, you’ll find a Two-Factor Authentication section, which you can open up. There, you can use the Enable button to open a modal and start setting up 2FA for your account.
Note: Before you can enable 2FA, your Plex account does need a separate password. That means that if you only use Apple/Facebook/Google to sign in to your account, you may need to first create/set a password on your Account page. You also need to have confirmed/verified your email address. You’ll see an option to do so, if the address isn’t already verified.
After confirming your account password, you’ll see a screen that has a QR code and some instructions.
You’ll need a compatible authenticator app on your phone, tablet, or computer. Any app that uses the standard TOTP protocol should work fine. Some popular example apps:
- 1Password
- Authy
- Google Authenticator
- LastPass
- Microsoft Authenticator
- and many others
Tip!: Some authenticators such as “Authy” or “1Password” support syncing data across devices. This allows you to have an authenticator installed on a phone as well as a tablet or computer and can be very useful in cases where you lose access to a particular device (e.g. your phone breaks or is lost), so you can still generate verification codes.
Note: You should ensure that you have automatic time syncing enabled for any mobile device or computer used for your authenticator app. Having the time/clock set inaccurately on the device could result in verification codes not working.
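Why clock accuracy matters, as an added example (not Plex's code): a TOTP code is an HMAC of the current 30-second time step, so a device with the wrong time computes a code for a step the verifier is not checking. The SHA-1 algorithm, the 30-second step and the one-step tolerance window are assumptions based on common authenticator defaults, and the secret is the published RFC 6238 test value.

```python
import hashlib
import hmac
import struct

# Published RFC 6238 test secret (ASCII), not a real account secret.
SECRET = b"12345678901234567890"
STEP = 30  # seconds per code; assumed common default, not stated by Plex


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: the counter is the number of whole steps since the epoch."""
    return hotp(secret, int(unix_time) // STEP)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept a code from the server's current step or `window` steps either side.
    The window size is an assumption; each service chooses its own tolerance."""
    current = int(server_time) // STEP
    candidates = (hotp(secret, current + d) for d in range(-window, window + 1)
                  if current + d >= 0)
    return any(hmac.compare_digest(c, code) for c in candidates)


def drift_report(secret, server_time, drifts):
    """For each device clock error in seconds, return (drift, code, accepted)."""
    rows = []
    for drift in drifts:
        code = totp(secret, server_time + drift)
        rows.append((drift, code, verify(secret, code, server_time)))
    return rows


if __name__ == "__main__":
    # Constructed scenario: server clock fixed, device clock running fast.
    for drift, code, ok in drift_report(SECRET, 1111111109, [0, 2, 45, 300]):
        print(f"device clock {drift:+4d}s  code {code}  accepted={ok}")
```

With a one-step tolerance, a device that is a couple of seconds fast is still accepted even when it has rolled into the next step, while a device that is minutes off produces codes for steps the verifier never checks.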
Almost all such apps will allow you to use the camera on the mobile device or a screen capture to read the QR code image. In cases where that doesn’t work, you can manually add Plex to the authenticator app using the “text code” that’s also provided.
Once you’ve linked Plex in the authenticator app, it will display a 6-digit verification code. Submit that code in the 2FA setup flow in Plex to complete the link.
The setup will then display a set of 10 recovery codes for you, along with a button that makes it easy to copy them to your clipboard.
Warning!: Make sure that you copy and store these recovery codes in a safe place that you can access without your mobile device. If you lose your authenticator app, a recovery code allows you to sign in to the Plex account! These are single-use codes.
When you’ve safely stored the recovery codes, you can finish the flow and your account is now protected by two-factor authentication.
Related Page: Plex Account Page
Related Page: Opening Plex Web App
Signing in with 2FA
Once you’ve enabled 2FA on your account, you will be prompted to provide the extra authentication when signing in to that account. Generally speaking, this will occur as a two-step process:
- Submit the email address (or username) and password
- Get prompted to provide the second factor verification code
Old Third-Party Apps & Tools
In the very rare case where you’re using a Plex app that doesn’t directly support 2FA verification (which typically means it’s a third-party app or tool that isn’t using our standard authentication methods), you can still sign in via 2FA. Specifically, you append a valid verification code to the end of the password when submitting: <password><verification code>
For instance, imagine that your password is “secret” (please, please use a strong, unique password) and that you check your authenticator app and receive the verification code “123456”. You would then submit secret123456 as the password.
If you do run into an app or tool that requires this, we encourage you to contact the author and suggest that they update their app to use the recommended authentication method (see information below in the FAQ section).
Remove or Manage 2FA
Once you have enabled two-factor authentication on your Plex account, you can manage that at any time in the same place: your Account page. There, you can generate new recovery codes or disable 2FA, if desired.
Recovery Codes
During the initial setup process, a set of recovery codes is provided. Those are extremely important, since they allow you to authenticate your account if you lose access to the regular authenticator app.
If you happen to lose (or use) your recovery codes, you can have a fresh batch generated on your Account page. To do so, you’ll need to authenticate with both your password and a valid verification code. Once you do so:
- A new set of 10, single-use codes will be provided to you
- All of the previous recovery codes for your account will be invalidated
Make sure that you store your recovery codes in a secure place that you can access when needed. (e.g. Don’t store them on your mobile device, since if you lose it, you would lose both the authenticator app and the recovery codes at the same time.)
Removing Two-Factor Authentication
From the Account page, you can also disable two-factor authentication on the Plex account. To do so, you’ll need to provide a valid verification code.
Frequently Asked Questions
There are a number of common questions that users have regarding two-factor authentication.
What if I lose my authenticator app?
If you lose access to your authenticator app (such as by losing your phone), then you can use one of your recovery codes to access your account. You can then use a second recovery code to disable the existing 2FA setup, which will then allow you to enable it again and link with a new authenticator app.
What if I lose my recovery codes?
Definitely don’t do that – don’t let that happen! Make sure that you safely and securely store your recovery codes in a place where you can access them if you lose access to your authenticator app. For instance, don’t store them on your phone, since you’d lose access to both the authenticator app and the recovery codes if you lost your phone.
That said, you can have a single-use, time-limited verification code sent to the email address associated with your account. See below.
Can I have verification codes sent to my phone by text message?
We do not currently support sending verification codes by text message/SMS. You must use a compatible authenticator app instead.
Related Page: SMS: The most popular and least secure 2FA method
Related Page: Why 2FA SMS is a Bad Idea
Related Page: Why You Shouldn’t Use SMS for Two-Factor Authentication
Can I have verification codes sent to my email address?
If you lose access to both your authenticator app and your recovery codes, you can have a single-use code sent to the email address that’s associated with the Plex account. To do so:
- Go to the Sign In page on our website
- Enter the regular email/username and password for the account
- On the page to enter the verification code, you can choose the Verify another way option
- You’ll see a page where you can request a code be emailed to the account’s registered address
- After using the button, an email will be sent, which contains a special verification code (it is not a 6-digit number)
- Take the time-limited code from the email and submit it as the verification code
If I use Apple/Facebook/Google to sign in, do I get prompted for 2FA?
Imagine that you have a password on your Plex account and have set up 2FA. You’ve also linked your Apple ID to your account:
- If you sign in using your Plex email & password, you will be prompted for your 2FA verification code
- If you instead “Sign in with Apple”, then Apple’s authentication is used and you would not be prompted by Plex for 2FA verification (if you have 2FA set up on your Apple account, then Apple might prompt you to verify)
What about third-party apps or tools?
Third-party apps and tools can still allow you to sign in to a Plex account, even if it’s protected by 2FA. The correct way for the app to do so is by making use of the method outlined in our third-party development forum.
Related Page: Forums: Authenticating with Plex
In very rare cases, though, the third-party app/tool may prompt you to sign in directly in the app/tool, but not support 2FA. In these cases, you can still make use of 2FA by adjusting the password you submit. For details, see the earlier information about how to sign in with 2FA.