Two-Factor Authentication

Recurly provides enhanced security and protection through two-factor authentication. Users are prompted to authenticate by providing two pieces of information: their password and a verification code. The additional layer of security ensures that only intended Recurly users can access their account.

How it works

When you enable Two-Factor Authentication for your Recurly account, you are required to enter your password and a second authentication code when you log in to Recurly. You will be required to do this if it has been more than 14 days since your last session, or if you log in from an unrecognized device. The authentication code can be delivered to you either by SMS or via an authenticator app that you can download to your mobile device, laptop or desktop computer.

Two-Factor Authentication is associated with your user profile in Recurly. If you have access to more than one Recurly site (e.g. a sandbox site and a production site) with the same email address and you enable two-factor authentication, it will apply regardless of which site you are logging in to.

Enabling Two-Factor Authentication

To enable Two-Factor Authentication, access your user profile in Recurly, click the link and follow the on-screen instructions. There are several important steps in the flow:

  • You will be asked to enter your password. This helps ensure that only you can enable Two-Factor Authentication.
  • You will have the option to select one of two verification methods, either SMS or an authenticator app:

Using SMS

If SMS is selected you will be asked to enter a mobile phone number to which you can receive SMS text messages. Recurly will send an SMS message to the phone number entered. You will enter the code that was sent to your mobile device.

Using an Authenticator App

Recurly supports a variety of authenticator apps, such as Twilio Authy, Okta Verify, Google Authenticator, Microsoft Authenticator, LastPass Authenticator, and other popular apps.


You can install most authenticator apps on your mobile device, or on your desktop. Certain web browsers also offer a plug-in that allows you to launch the desktop app from your browser window.

If authenticator app verification is selected, you will be presented with a QR code that you can scan using your chosen authenticator app. If you encounter any issues when attempting to scan the QR code, a human-readable code is provided that can be entered manually into the authenticator app instead.


Recurly generates the QR code for you to scan into your authenticator app (e.g. Twilio Authy). Your authenticator app will then generate a code to be entered into the text box. If the code is entered correctly, two-factor authentication will be enabled on the account.

Switching Two-Factor Authentication methods

Follow the instructions below in order to switch between using SMS and an authenticator app for 2FA:

In your user profile, under “Options”, select the option titled “Change authentication method”.


The dialog box for enabling 2FA will pop up. Note: the option for your current authentication method will be grayed out as Recurly does not currently support updating the current method.


Follow the instructions to configure the selected authentication method.


What do I do if I forgot my mobile device?

If you have enabled Two-Factor Authentication and you are prompted to enter the additional authentication code, but you don't have the mobile device to which the authentication code has been sent, there are several steps that you can take.

  • Many authenticator apps provide options for account restoration or for usage of an alternative device (e.g. desktop computer) to receive authentication codes. Check the documentation for your chosen authenticator app to see what options are available.
  • Contact your Recurly site administrator. Recurly users who have admin privileges can disable Two-Factor Authentication on your profile, so that you can then log in with just your password.
  • Contact Recurly Support, who will be able to disable Two-Factor Authentication on your profile, so that you can then log in with just your password.

Other troubleshooting tips:

  • If you have Two-Factor Authentication enabled, make sure you are logged into your Recurly site from If you try to login at https://[yoursitename] when you have Two-Factor Authentication enabled, you will not be able to complete the login.
  • If your authentication fails several times, you may wish to synchronize your phone's clock with your mobile provider. Often, this involves checking the "Set automatically" option on your phone's clock, rather than providing your own time zone.
  • Not getting text messages? If you are attempting to log in, or enable Two-Factor Authentication, but are not receiving an authentication code via SMS, please ensure that your phone number has been entered correctly.
  • Code not working? Make sure you are not entering spaces between the numbers from the code. Try manually entering the code and leaving the spaces out.
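
Why the clock and spacing tips above matter, shown as an added example that is not Recurly's code: it assumes the standard TOTP algorithm (RFC 6238, HMAC-SHA1, 30-second step, 6 digits) that the authenticator apps named earlier implement. The function names, the sample key and the server's tolerance window are hypothetical; Recurly's actual parameters are not stated on this page.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: RFC 6238 default (assumed, not stated by Recurly)
DIGITS = 6   # code length: common authenticator-app default (assumed)


def decode_setup_key(text):
    """Decode the human-readable (base32) key, tolerating spaces and lowercase."""
    cleaned = "".join(text.split()).upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore any stripped padding
    return base64.b32decode(cleaned)


def totp(secret, unix_time):
    """RFC 6238 code (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                    # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret, entered, server_time, window=1):
    """Accept the code for the server's current step or `window` steps either side."""
    code = "".join(entered.split())               # "081 804" -> "081804"
    if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
        return False
    return any(
        hmac.compare_digest(code, totp(secret, server_time + drift * STEP))
        for drift in range(-window, window + 1)
    )


# Constructed sample: the RFC 6238 test secret, grouped the way a setup screen
# might print it. SERVER_NOW is one of that RFC's published test times.
SETUP_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
SERVER_NOW = 1111111111


def demo():
    """A phone clock 2 s slow sits in the previous step and shows another code."""
    secret = decode_setup_key(SETUP_KEY)
    phone_code = totp(secret, SERVER_NOW - 2)     # what the slow phone displays
    spaced = phone_code[:3] + " " + phone_code[3:]
    return (phone_code != totp(secret, SERVER_NOW),        # codes differ across steps
            verify(secret, spaced, SERVER_NOW, window=1),  # drift tolerated
            verify(secret, spaced, SERVER_NOW, window=0))  # no tolerance: rejected
```

A verifier can only absorb drift up to the window it allows, which is why a phone clock that is minutes off produces codes that fail every time until the clock is synchronized.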

Instructions for site admin users:

  • Site admin users can disable Two-Factor Authentication for any site user
  • Navigate to the Users section in Recurly
  • Click to edit the profile for the user who needs Two-Factor Authentication disabled
  • On the subsequent page, click the link to "disable" Two-Factor Authentication in the right-hand card