Two-factor authentication for Nexus Mods
Two-factor authentication is an extra layer of security for your Nexus Mods account in addition to your password. It is designed to help ensure you're the only person who can access your account or make important changes to your account details.
How it works
When two-factor authentication is enabled, logging into Nexus Mods from a new device will require two pieces of information: Your password and a 6-character verification code that is generated by an authentication app such as Authy or Google Authenticator. When entering the code during login, you are verifying that you trust the new device and can choose to trust the current device for 30 days. This will happen for each new device you sign in with, ensuring that any new login attempts are approved by you, preventing others from accessing your account even if they know your password.
Upon initial activation of two-factor authentication, you will be presented with five 16-character recovery keys. These keys can be used to verify your account if you lose access to your phone or authenticator app. These are single use and you will be presented with a warning upon using one that it has been consumed. It is important to keep your recovery keys secure as losing your phone and the recovery keys may mean you have permanently lost access to your account. We recommend using a software or service that you trust to store your keys. At any time while logged in, you can generate new recovery keys by turning 2FA off and back on again on the 'Security' page of your Nexus Mods account settings. Doing this will remove all links to the old keys, rendering them invalid.
Setting up two-factor authentication for your Nexus Mods account
- Open the 'Security' tab in your account settings.
- Scroll down to the Two-factor authentication section, you will note it says "NOT ACTIVE".
- Click 'Set up 2A' and follow the instructions
Please ensure you record your backup codes. It is possible that you will be permanently locked out of your account if you lose both your phone and your backup codes.
Congratulations, you've now set up two-factor authentication!
Frequently Asked Questions (FAQ)
Q: Why do I get the two-factor authentication challenge every time I log in?
A: The two-factor authentication should only trigger every 30 days for each device you are logged in on. However, if you clear your browser cookies frequently you will remove the Nexus Mods cookie that 'remembers' your device. If you don't want to complete the challenge every time you log in, please allow cookies to be stored on your device.
Q: I've lost access to my phone, can I still log in?
A: If you cannot access your phone/authenticator application, you can enter one of the recovery keys generated when you set up two-factor authentication. If you lose access to both, your phone and your recovery keys, you will be permanently locked out of your account. If you are a Supporter or Premium member and find yourself in this situation, please send a copy of your purchase invoice (or PayPal reference) to firstname.lastname@example.org where we may be able to recover your account from this information.
Q: How do I get my recovery keys back if I lose them?
A: Your recovery keys can be replaced at any time by turn 2FA off and back on in the 'Security' section of your Nexus Mods account settings. Once you have done this, all of the old recovery keys are invalidated and can be discarded.