We're experiencing difficulty. Our engineers are on it. Please check status.mailgun.com for real-time updates.

Reset/Deactivate 2FA

Note: This process applies only to Mailgun-direct accounts. If you use Mailgun through services such as Rackspace or Heroku, 2FA and password resets would need to be handled via that service’s corresponding processes. You'll want to contact their support for assistance in such cases.

In the event that your Two-Factor Authentication (also known as 2FA) token is lost, stolen, or out of commission, removing 2FA is a fairly simple process.

Deactivating 2FA Using The Paper Key

  1. Navigate to the 2FA recovery page here.
  2. In the form, provide your Paper Key and click Deactivate 2FA.
  3. You will be returned to the login page, where you'll be prompted to enter your email address and password. 
  4. We recommend reactivating 2FA as soon as possible!

Don't Have The Paper Key?  You Are The Account Owner?

Please contact Mailgun Support. We'll guide you through a few verification steps so that you can safely regain access to the account!

Don't Have The Paper Key? You Aren't The Account Owner?

If your user does not serve as the Account Owner, you will need to reach out to the Account Owner for your account to deactivate 2FA on your behalf.  The Account Owner can accomplish this process in the Mailgun Control Panel using the following steps:

  1. Remove 2FA from your user 
    1. Navigate towards the top-right of the page next to your username, click the down-arrow, and then select the Account option. Alternatively, you can use this direct link
    2. On the resulting page, you will see various groups, or sections, of settings. In the Authentication section, locate the 2FA field. 
    3. Click the light grey Deactivate button.
    4. In the pop-up form, enter the 6-digit 2FA code that we send to you and then click the green Deactivate 2FA button.

  2. Delete your user
    1. Navigate towards the top-right of the page next to your username, click the down-arrow, and then select theSecurity option. Alternatively, you can use this direct link
    2. Locate the relevant user and click the light grey Delete button to remove the user from the account.
  3. Recreate your user
    1. (On the same page as above) Click on the green Invite new user button to enter the new Admin's information (Email Address, Name, and Role) in the pop-up form.
    2. Save the changes by clicking the Invite user button.
  4. Apply 2FA to your user
    1. By clicking on the link in the invitation email, this is the part where you'll log in to the Mailgun Control Panel.
    2. Follow the steps outlined in our 2FA Setup article.

Once Deactivated, Don't Forget To Reactivate!

Once you've re-established access to your account, we highly recommend you reactivate 2FA to ensure your account is fully secure from malicious actors that could try to take over your account. Check out our 2FA Setup article for more!


If any questions arise, just reach out to our Support team via the Support option in your Mailgun control panel!