To help protect your Plex account from unauthorized access, you can enable two-factor authentication (also often referred to as “2-Factor Auth” or “2FA”). This makes it so that you need two separate “factors” to be able to sign in to the account: both the regular account password as well as an independent form of authentication that only you know (e.g. a verification code from an authenticator app).
Once you’ve enabled 2FA, you will then need both your account password and the secondary authentication when you sign in to your account in a Plex app or on the website.
Warning: If you are part of a Plex Home, then there will not be any extra prompt for 2FA when switching between members of the Home. You should not join another Plex Home or add anyone to your own Plex Home that you do not live with and do not trust with account access.
Tip!: Two-Factor Authentication setup requires the latest version of our web app. Make sure that you use our hosted app for the setup, as opposed to the local/bundled version that comes with Plex Media Server.
To enable two-factor authentication on your Plex account, first sign in and visit your Account page. On that page, you’ll find a Two-Factor Authentication section, which you can open up. There, you can use the Enable button to open a modal and start setting up 2FA for your account.
Note: Before you can enable 2FA, your Plex account does need a separate password. That means that if you only use Apple/Facebook/Google to sign in to your account, you may need to first create/set a password on your Account page.
After confirming your account password, you’ll see a screen that has a QR code and some instructions.
You’ll need a compatible authenticator app on your phone, tablet, or computer. Any app that uses the standard TOTP protocol should work fine. Some popular example apps:
Almost all such apps will allow you to use the camera on the mobile device or a screen capture to read the QR code image. In cases where that doesn’t work, you can manually add Plex to the authenticator app using the “text code” that’s also provided.
Once you’ve linked Plex in the authenticator app, it will display a 6-digit verification code. Submit that code in the 2FA setup flow in Plex to complete the link.
The setup will then display a set of 10 recovery codes for you, along with a button that makes it easy to copy them to your clipboard.
Warning!: Make sure that you copy and store these recovery codes in a safe place that you can access without your mobile device. If you lose your authenticator app, a recovery code is the only way you will be able to sign in to the Plex account! These are single-use codes.
When you’ve safely stored the recovery codes, you can finish the flow and your account is now protected by two-factor authentication.
Once you’ve enabled 2FA on your account, you will be prompted to provide the extra authentication when signing in to that account. Generally speaking, this will occur as a two-step process:
- Submit the email address (or username) and password
- Get prompted to provide the second factor verification code
In the very rare case where you’re using a Plex app that doesn’t directly support 2FA verification (which typically means it’s a third-party app or tool that isn’t using our standard authentication methods), you can still sign in via 2FA. Specifically, you append a valid verification code to the end of the password when submitting:
For instance, imagine that your password is “secret” (please, please use a strong, unique password) and that you check your authenticator app and receive the verification code “123456”. You would then submit secret123456 as the password.
If you do run into an app or tool that requires this, we encourage you to contact the author and suggest that they update their app to use the recommended authentication method (see information below in the FAQ section).
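The appended-code sign-in described above can be modelled on the verifying side as follows. This is an added example, not Plex's code: the 30-second step, HMAC-SHA1, the one-step drift window, the function names and the check_password callable are assumptions (common TOTP defaults from RFC 6238), and the text code is the RFC 6238 test key rather than a real secret.

```python
import base64
import hashlib
import hmac
import struct

DIGITS = 6    # the page's verification codes are 6 digits
PERIOD = 30   # assumed time step in seconds (RFC 6238 default)
# Constructed sample: base32 of the RFC 6238 test key, not a real account secret.
DEMO_TEXT_CODE = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(text_code, unix_time):
    """Derive the 6-digit code an authenticator app shows for a base32 text code."""
    cleaned = text_code.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", max(0, unix_time) // PERIOD)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def split_combined(submitted):
    """Split 'password + code' into (password, code), or None if no code is appended."""
    password, code = submitted[:-DIGITS], submitted[-DIGITS:]
    if not password or not (code.isascii() and code.isdigit()):
        return None
    return password, code


def verify_combined(submitted, check_password, text_code, unix_time, drift=1):
    """Accept only if both factors are valid. check_password is a hypothetical
    callable that tests the password against the stored password hash."""
    parts = split_combined(submitted)
    if parts is None:
        return False
    password, code = parts
    # Evaluate both factors every time so a failure does not show which one was wrong.
    password_ok = check_password(password)
    matches = [hmac.compare_digest(code, totp(text_code, unix_time + s * PERIOD))
               for s in range(-drift, drift + 1)]
    return password_ok and any(matches)
```

Because only the last six characters are treated as the code, a password that itself ends in digits still splits correctly.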
Once you have enabled two-factor authentication on your Plex account, you can manage that at any time in the same place: your Account page. There, you can generate new recovery codes or disable 2FA, if desired.
During the initial setup process, a set of recovery codes is provided. Those are extremely important, since that’s the only way that you can authenticate your account if you lose access to the regular authenticator app.
If you happen to lose (or use) your recovery codes, you can have a fresh batch generated on your Account page. To do so, you’ll need to authenticate with both your password and a valid verification code. Once you do so:
- A new set of 10, single-use codes will be provided to you
- All the previous recovery codes for your account will be invalidated
Make sure that you store your recovery codes in a secure place that you can access when needed. (e.g. Don’t store them on your mobile device, since if you lose it, you would lose both the authenticator app and the recovery codes at the same time.)
From the Account page, you can also disable two-factor authentication on the Plex account. To do so, you’ll need to provide a valid verification code. So, if you lost your authenticator app and wish to disable 2FA, then you would need to use a recovery code to do so.