What is Two-Factor Authentication (2FA) and Why You Need It:
What is 2FA? Two-Factor Authentication (2FA) is a critical security feature that requires two different forms of verification to log in.
It combines:
1. Something you know (your password)
2. Something you have (a code generated on your mobile device).
Why is it Necessary? 2FA is necessary to provide an extra layer of protection for your email account. If a hacker somehow obtains your password (e.g., through a data breach or phishing), they still cannot access your account without the time-sensitive code generated on your private mobile device.
2FA Method Available:
Authenticator App (Required Method and Most Secure) Uses a third-party app (like Google Authenticator, Microsoft Authenticator, Authy etc.) to generate a time-sensitive, rotating six-digit code. This method is considered more secure than SMS because it does not rely on cellular service, which can be vulnerable to security exploits.
Note: SMS/Text Message Is Less Secure and not supported by CenturyLink. While convenient, this method is generally discouraged by security experts as it is considered less secure than an authenticator app.
How to Enable and Disable 2FA How to Enable 2FA (Webmail and Mobile Web):
- Log in to your CenturyLink webmail account using your web browser.
- Navigate to the 'Settings' section (often represented by a Gear Icon).
- Select the 'Security' tab.
- Locate and click on 'Two-Factor Authentication'.
- Click 'Set up two-factor authentication' and enter your account password to begin.
- Scan the QR code displayed on your screen using your chosen Authenticator App.
- Tip: If you cannot scan the code, select the option to manually enter the secret key into your authenticator app.
- The app will generate a code. Enter this code into the webmail prompt to verify and Enable 2-Factor Authentication.
- Create and save Backup Codes (see Section 5).
How to Disable 2FA:
- Log in to your CenturyLink webmail account.
- Navigate to Settings > Security > Two-Factor Authentication.
- Click the option to 'Disable' or 'Turn Off' Two-Factor Authentication.
- Confirm your decision.
NOTE: If you are unable to login and disable 2FA and you choose to contact support, this is considered a request to disable a critical security measure and is not taken lightly. Be prepared to verify your identity and completely explain why you need to disable this protection.
App Passwords for Mail Clients (Outlook, Mobile, etc.):
Once you enable 2FA on your webmail, your regular email password will no longer work for a desktop or mobile email client (like Outlook, Thunderbird, iPhone Mail, etc.). This is because these clients do not have a prompt to enter the rotating 2FA code. To access your email through an external client, you must use a unique App Password.
What are App Passwords? A unique, automatically generated, one-time password that you use in place of your regular password for a specific mail client or app. It allows the client to access your account without needing to enter a 2FA authentication code.
How to Use Them
1. Enable 2FA first (you cannot generate an App Password without 2FA enabled).
2. Go to the Security section of your webmail.
3. Select the option to 'Generate App Password'.
4. Name the password (e.g., "Outlook Desktop").
5. Copy the generated password.
6. Use this generated password in your mail client's password field.
Important Note: You cannot use password apps (like 1Password or LastPass) to replace 2FA for your mail client. You must use the unique App Password generated by the CenturyLink webmail system.
Backup Codes and Recovery:
What are Backup Codes? A list of single-use, alphanumeric codes provided to you during the 2FA setup process. Each code can be used only once. Backup codes are essential for regaining access to your account in emergency situations.
Why You Need Them: You need Backup Codes if you lose your mobile device or if your Authenticator App is unavailable. They are the secure way to log in and regain control of your account.
Lost or Stolen Device Procedure:
1. Your phone or tablet is lost.
2. Use a single Backup Code when prompted for a 2FA code to log in.
3. Once logged in, immediately go to the Security settings to disable 2FA, generate a new set of Backup Codes, and re-enable 2FA on your new device.
Difference between Backup Codes and App Passwords
App Passwords are for non-browser email clients (to bypass the need for a 2FA authentication code).
Backup Codes are for you, the user, to log in on the webmail when your 2FA method is unavailable (to bypass the need for a 2FA code).
Backup Codes do not bypass your regular account password.
"Don't Ask Me Again": If you select "Don't Ask Me Again On This Device," you will not be prompted for the 2FA code on that specific device for a period of time. You should only use this option on your personal, secure devices.
Backup Codes do not bypass your regular account password.
"Don't Ask Me Again": If you select "Don't Ask Me Again On This Device," you will not be prompted for the 2FA code on that specific device for a period of time. You should only use this option on your personal, secure devices.