Two-factor authentication

For more security

  • Set up extra protection

  • Use app authentication
  • Log in with a one-time code
Two authentication factors shown as symbols next to mail icon

What is two-factor authentication?

Discover the benefits of 2FA

Would you like to give your GMX mailbox an additional layer of protection? With the help of two-factor authentication, also known as 2FA, it’s no problem! After 2FA is enabled, you will be prompted not only for your password but also for a 6-digit one-time password (OTP), which you generate on your smartphone using an authentication app.

The advantages of this two-step verification:

Computer, smartphone and 2FA symbols grouped together
  • Better protected: With two-factor authentication, you make the login process more secure by automatically providing more protection against unauthorized access.
  • Second factor: Thanks to your personal security code, you always retain full control over your mailbox – even if your password should actually be stolen.
  • Secure everywhere: You can use 2FA to log in to your GMX inbox on your computer and in the GMX Mail App as well as external email programs linked to your account.

Double protection

How 2FA works

Password symbol with computer icon

In your GMX mailbox on the Web

Each time you log in to your mailbox in the browser, you need both your password and a 6-digit security code, which is created by an authentication app on your smartphone.

Password symbol with smartphone icon

In your GMX Mail App

To log in to the app, you first need your password again. Then you enter a 6-digit security code once, which is also generated via the authentication app.

“IMAP / POP3” written at top of image above icons representing computer, smartphone and password

In third-party email programs

Do you retrieve your emails using an external email program (e.g. Outlook or Thunderbird) via POP3/ IMAP? Then you enter an application-specific password once in your email program.

Would you like to make your GMX mailbox even more secure? Then use two-factor authentication!

Additional factor = additional app

What you need to know about the authentication app

Two-factor authentication symbol alongside icon of smartphone showing mail symbol

For the two-step verification process, you need an authentication app (also known as an authenticator or OTP app) on your smartphone. This app generates a six-digit security code that you must enter when setting up two-factor authentication. A new code is created every 30 seconds and must be input during this window of time, after which it is no longer valid. You also need the app each time you log in to your email account on your computer, and once to log in to the GMX Mail App.

What does this mean for you? To use two-factor authentication, you must install a free authenticator on your smartphone. This app will then also work without a cellular network. If you are unsure which app to use, please see our GMX Help Center, where we have put together a list of suitable apps for you.

To GMX Help


Does two-factor authentication make sense for my mailbox?

You decide for yourself! Basically, the use of two-factor authentication improves the protection of your GMX mailbox, but logging in also involves more effort, since you have to enter a second factor in addition to your password.

Why is it called two-factor authentication?

Access to your GMX mailbox after activating two-factor authentication requires your password and an additional one-time code. This code represents the "second factor". It consists of a six-digit number combination and must be generated once on the PC for each login and in the GMX Mail App via an authentication app on your smartphone and entered in the application.

When using external email programs, such as Outlook or Thunderbird, you need an app-specific password that can be generated on the PC during the activation of two-factor authentication and must be stored once in the respective program.

How do I enable and disable two-factor authentication?

You can enable or disable two-factor authentication free of charge in the “My Account” section of your GMX mailbox. Select "Security Options" in the navigation and click on the link "Enable two-factor authentication" or "Disable two-factor authentication" under "Two-factor authentication" – you will be guided through the activation or deactivation process.

Please be sure to have your smartphone ready! During setup, you must enter a confirmation code, which you will receive by text message to your mobile phone number. You will also have to enter a 6-digit security code here, which you will receive via the previously downloaded authentication app. To activate two-factor authentication, you will always need your mobile phone.

Do I really always need my smartphone to log in?

On your PC, yes: if you use two-factor authentication for logging in to your GMX account in your computer´s internet browser, you will need a one-time code from your authentication app on your smartphone for each login. This code expires after 30 seconds, after which a new one is automatically generated. It is therefore important that you always have access to your mobile phone when logging in on your PC.

To log in to the GMX Mail App, you do not need your smartphone or the authentication app on your mobile phone every time, since you only need to enter the generated code once.

You do not need a smartphone to log in to external email programs. Here it is sufficient to save the app-specific password once.

What is a one-time password?

A one-time password, or "OTP", is generated by an authentication app that you install on your smartphone. In this case, the six-digit code is also known as a "time-based one-time password" (TOTP) because of the technical system used. Such passwords are only valid for a specific period of time, in this case 30 seconds. You must input the code within that window or a new one will be automatically generated by the app.

What is behind the app-specific password and what do I need it for?

You can have the app-specific password created during the activation of two-factor authentication. You need it if you retrieve your emails via POP3/IMAP and use an external email program such as Outlook or Thunderbird. In order to set up two-factor authentication in the respective email program, you must enter the app-specific password there once. For two-factor authentication on the PC or in your GMX Mail App, you do not need an app-specific password.

What's the secret key all about and what do I need it for?

The secret key is automatically generated during the two-factor authentication setup process and allows you to regain access to your account in case of an emergency.

If you have activated two-factor authentication and can no longer log into your mailbox – for example, because you forgot your password or no longer have access to the authentication app – start the password recovery process and enter the required secret key in the appropriate place.

It is, however, important to remember that after entering the secret key, the two-factor authentication is automatically deactivated in your GMX mailbox. To reactivate it, you must first assign a new password to your mailbox and restart the setup process.

We recommend that you keep the document with the secret key – preferably printed out – on file in a safe place.

I have more questions about two-factor authentication!

Still unsure if you want to set up two-factor authentication for your GMX mailbox? Or do you have more detailed questions – for example about the setup wizard, the authentication app or the app-specific password? Answers to these questions and much more can be found clearly summarized in the GMX Help Center.

No GMX account yet?