Enabling two-factor authentication (2FA or MFA) and lost 2FA recovery
Pushover currently supports TOTP-based two-factor authenticaiton (2FA) for all accounts.
When logged in, visit your Settings page. Enter your current account password, check the box for "Setup Two-Factor Auth", and then click "Save Account Settings".
You'll be given instructions for the setup of two-factor authentication for your account, which includes scanning a QR code in your 2FA application (or manually entering the secret). You will be given a list of recovery codes which you must write down and securely store somewhere.
Important Account Recovery Information
Enabling two-factor authentication on your account requires a current code from your 2FA application/device every time you log in to your Pushover account or do certain actions like change your password.
When you initially enroll in two-factor authentication, a list of recovery codes are generated which you should save (not in a password manager if you also use it for generating 2FA codes!). Each of these codes can be used in place of a current 2FA code and are single-use, so upon login or authentication, you will have to use another code.
If you lose access to your 2FA application/device and lose access to your recovery codes, we cannot recover access to your Pushover account because we cannot properly authenticate you. An account without 2FA enabled only requires a password, which can be reset by e-mail. This means that anyone with access to your e-mail account can login as you, since they could reset your password by clicking on the link sent by e-mail. Since many users enable 2FA to explicitly disable the ability for anyone to reset their password by e-mail, we will not manually reset 2FA on an account.
If you contact customer support regarding a lost 2FA application/device, your only recovery option will be to request that we delete your account so that you can create a new one with the same e-mail address. In that case, your Pushover user key will be changed and all of your application API tokens and e-mail aliases will be invalidated. However, once you create a new account, you can restore your previous in-app purchase to add your license to your new account.
