How to enable two-factor authentication

To enable two-factor authentication (2FA) on your Eflexsim account, sign in, go to Account → Security → Two-factor authentication, and click Enable. Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, Microsoft Authenticator, etc.), enter the 6-digit code the app shows to confirm, and save the recovery codes we display. Going forward, every sign-in requires both your password AND a fresh 6-digit code from the authenticator app. Setup takes about 3 minutes.

Below: which authenticator apps work, the full setup walkthrough, what recovery codes are for, and what happens if you lose your authenticator device.

Why enable 2FA

Two-factor authentication adds a second step to sign-in beyond your password. Even if someone learns your password (phishing, data breach, reused password from another site), they can't sign in without also having access to your phone's authenticator app.

For an Eflexsim account, 2FA protects:

• Active eSIMs in your account.
• Wallet credit balance.
• Saved cards (already stored in Stripe, but the account access to use them is gated by 2FA).
• Personal data on the profile.
• Ability to delete the account or change critical settings.

The setup is a one-time 3 minutes; the ongoing friction is a 6-digit code at each sign-in. Worth it for most accounts.

Authenticator apps we support

Any TOTP-compatible app works. The common ones:

• Google Authenticator (iOS and Android, free).
• Authy by Twilio (iOS, Android, desktop apps, free).
• 1Password (if you already use it as a password manager, the 2FA codes are built in).
• Microsoft Authenticator (iOS and Android, free).
• Bitwarden Authenticator (free).
• Duo Mobile (iOS and Android).
• iOS built-in passwords app (iOS 15+).

These all use the standard TOTP protocol so any of them works with Eflexsim's 2FA. Pick whichever you prefer. If you already use a password manager with 2FA built in (1Password, Bitwarden), that's usually the most convenient option because the codes live alongside your password.

Full setup walkthrough

The exact steps:

1. Sign in to Eflexsim.com and go to Account → Security.

2. Click Two-factor authentication.

3. Click Enable. A QR code appears on the screen along with a manual setup key.

4. Open your authenticator app.

• In Google Authenticator, tap the + icon → Scan QR code.
• In Authy, tap Add Account → Scan QR code.
• In 1Password, edit your Eflexsim entry → tap One-Time Password field → Scan QR code.

5. Scan the QR code with your phone's camera through the authenticator app.

The app adds an Eflexsim entry and immediately shows a 6-digit code that refreshes every 30 seconds.

6. Type the current 6-digit code into the verification field on the Eflexsim setup page.

7. Click Verify and Enable.

8. Save your recovery codes. Eflexsim shows 8-10 one-time-use recovery codes. Save these somewhere safe (password manager, printed on paper, etc.) for the case where you lose your authenticator device.

2FA is now active on the account.

What recovery codes are for

Recovery codes are your backup if you lose access to the authenticator app:

• Phone lost or stolen.
• Phone factory-reset without backing up the authenticator app.
• Switched phones without transferring the authenticator account.
• Authenticator app deleted accidentally.

In any of these cases, you sign in with email/password as usual, then enter one of the recovery codes instead of the 6-digit code. Each recovery code is single-use; after using one, it's invalidated. You can regenerate new recovery codes from your account security settings whenever needed.

Where to store recovery codes:

• A password manager (1Password, Bitwarden) is the typical recommendation.
• Printed on paper kept in a secure location.
• Written down in a notebook.

NOT recommended: leaving them in plain text on your computer or in unencrypted email. They're functionally equivalent to your password.

Signing in with 2FA enabled

The new sign-in flow:

1. Enter email and password as usual.
2. Eflexsim asks for the 6-digit code.
3. Open the authenticator app, find the Eflexsim entry, type the current code.
4. Sign-in completes.

The 6-digit code refreshes every 30 seconds. If you type it slowly and it expires before submitting, wait for the next one.

On trusted devices (your usual phone or laptop), you can optionally tick "Remember this device for 30 days" so you don't have to enter the code on every sign-in. The 30-day window resets each time you sign in on that device.

If you lose access to your authenticator

A few scenarios and what to do:

Lost phone, have recovery codes. Sign in normally, use a recovery code instead of the 6-digit code. After signing in, disable 2FA in account settings and re-enable it later with a new authenticator on a new device.

Lost phone, don't have recovery codes. Email support@eflexsim.com from the email associated with your account. We'll verify your identity (same process as lost access to your email) and disable 2FA so you can sign in. After regaining access, immediately re-enable 2FA on a new device.

New phone, transferring authenticator. Most authenticator apps support backup and restore. Authy and 1Password sync across devices automatically. Google Authenticator has an export feature. Set up the new phone before wiping the old one.

Phone broken or factory reset without transfer. Same as "lost phone." Recovery codes are your friend; otherwise contact support.

Disabling 2FA

If you want to turn off 2FA:

1. Sign in to your account.
2. Go to Account → Security → Two-factor authentication.
3. Click Disable.
4. Enter your password and a current 6-digit code (one last time) to confirm.
5. 2FA is now off.

We don't recommend disabling 2FA unless you're switching to a different authenticator (in which case disable, then re-enable with the new app).

Frequently asked questions

QDoes 2FA cost anything?

No. The feature is free and supported on all Eflexsim accounts.

QCan I use SMS for 2FA instead of an authenticator app?

Not at launch. SMS-based 2FA is less secure than authenticator apps (SIM swap attacks, SMS interception). We may add SMS as an option post-launch for users who prefer it; for now, authenticator app is the only path.

QWhat if I sign in from a country where my authenticator app doesn't work?

Authenticator apps work offline; they don't need internet to generate codes. Travel doesn't break 2FA.

QCan I have 2FA on multiple devices?

Yes. Scan the same QR code on multiple authenticator apps (e.g., your phone and your tablet). All of them generate matching codes.

QDoes 2FA affect how I receive transactional emails?

No. Emails work the same regardless of 2FA. The change is only at sign-in.

QWill 2FA be required for everyone eventually?

Probably not required, but strongly recommended. Optional 2FA fits more user preferences while still protecting accounts that opt in.

QWhat if I forget my password AND can't access my authenticator?

That's the worst case. Email support@eflexsim.com and we go through the full account recovery process. Takes 1-3 business days but does resolve.

For password resets, see how to reset my password. For email-loss recovery, see lost access to your email. For login alert handling, see why you got a "new login" email.