Two-Factor Authentication

Recurly provides enhanced security and protection through two-factor authentication. Users are prompted to authenticate providing two pieces of information - user password and the verification code. The additional layer of security ensures that only intended Recurly users can access their account.

How it works

When you enable Two-Factor Authentication for your Recurly account, you are required to enter your password and a second authentication code when you login to Recurly. You will be required to do this if it has been more than 14 days since your last session, or if you log in from an unrecognized device. The authentication code can be delivered to you either by SMS or via the Authy app that you can download to your mobile device, laptop or desktop computer.

Two-Factor Authentication is associated with your user profile in Recurly. So if you have access to more than 1 Recurly site (e.g. a sandbox site and a production site) with the same email address, if you enable two-factor authentication, it will apply regardless of which site you are logging in to.

Enabling Two-Factor Authentication

To enable Two-Factor Authentication, access your user profile in Recurly, click the link and follow the on-screen instructions. There are several important steps in the flow:

  • You will be asked to enter your password. This helps ensure that only you can enable Two-Factor Authentication
  • You will be asked to enter a mobile phone number to which you can receive SMS text messages
  • Recurly will send an SMS message to the phone number entered. If you are already using - or have previously used - Authy for other systems, you may instead need to open the Authy app and look for the new Recurly icon.
  • You will enter the code that was sent to your mobile device

Using Authy

Recurly uses Authy to generate the unique authentication codes and to send that code to you either by SMS or via the Authy app that you can download here.

  • If you use, or have ever used Authy for Two-Factor authentication for other sites or applications, you must use Authy to get your authentication token for Recurly.

  • You can install Authy on your mobile device, or on your desktop. Certain web browsers also offer a plug-in that allows you to launch the desktop app from your browser window.

  • If you do download the Authy app, whenever you are prompted by Recurly to enter the additional authentication code, open the Authy app, click on the Recurly logo, and enter the code that is displayed.



What do I do if I forgot my mobile device?

If you have enabled Two-Factor Authentication and you are being prompted to enter the additional authentication code, but you don't have your mobile device to which the authentication code has been sent, there are several steps that you can take.

Other troubleshooting tips:

  • If you have Two-Factor Authentication enabled, make sure you are log into your Recurly site from If you try to login at https://[yoursitename] when you have Two-Factor Authentication enabled, you will not be able to complete the login.
  • If your authentication fails several times, you may wish to synchronize your phone's clock with your mobile provider. Often, this involves checking the "Set automatically" option on your phone's clock, rather than providing your own time zone.
  • Not getting text messages? If you are attempting to log in, or enable Two-Factor Authentication, but are not receiving an authentication code via SMS, try downloading the Authy app. In some cases, if you have used Authy before, but do not currently have the app installed on your phone or computer, Authy may be sending your code via the Authy app and not via SMS. If you download and go into the Authy app, you should see the Recurly logo listed as an option. Click on the Recurly logo, and enter the code that is displayed.
  • Code not working? Make sure you are not entering spaces between the numbers from the code. Some people report that when using the desktop version of Authy, if they copy and paste the # from the Authy app into Recurly, the spaces are being copied as well, and that causes the system to think that your code is wrong. Try manually entering the code and leaving the spaces out.

Instructions for site admin users:

  • Site admin users can disable Two-Factor Authentication for any site user
  • Navigate to the Users section in Recurly
  • Click to edit the profile for the user who needs Two-Factor Authentication disabled
  • On the subsequent page, click the link to "disable" Two-Factor Authentication in the right-hand card