Two-Factor Authentication protects your Paddle account with an additional level of security. Also known as 2FA, this technology enables you to safeguard your confidential revenue, customer, and business data and block unauthorized users from accessing your account.
Setting up Two-Factor Authentication on Paddle
To set up 2FA, each individual user on your account needs to go to their User Settings page. You can use any Authenticator application on your smartphone or tablet such as Google Authenticator (iPhone, Android, BlackBerry) or Authenticator (Windows Phone).
Before completing the 2FA setup process, you will receive 8 recovery codes, which you can use to log in and disable 2FA on your account if you lose your phone. You need to download these codes and keep them in a secure place, as we’ll only display them once.
However, if you lose them but still have access to your account, you can generate new recovery codes only if you disable and reactivate 2FA. During this process, you’ll need to scan the QR code again to add a new account in the Authenticator application and the old account will stop working immediately.
Users who installed the app and activated 2FA will be asked to enter the unique verification code created by the app, in addition to their username and password, each time they try to log in.
Because a one-time code is generated each time you log in, you can be even more confident that your account is safe while mitigating the risk of a potential security breach.
What happens if one of our users gets locked out?
If you don’t have access to your phone, you can use one of the 8 recovery codes to log in to your account and disable 2FA.
In the event one of your users loses both their phone and their recovery codes or gets locked out, you can contact sellers@paddle.com. Our Seller Support team will help you regain access to your account once we can verify you.
Can 2FA be enabled for all users on my account?
Yes, each user can enable and use 2FA to secure their account. However, Admins cannot activate 2FA for all users at once. Instead, each user needs to manually opt in and activate 2FA themselves.