Two-factor authentication (Yandex). How to disable two-factor authentication. Login with two-factor authentication

Attention. Applications developed in Yandex require a one-time password - even correctly created application passwords will not work.

Login using QR code
Transferring Yandex.Key
Master password

Login to a Yandex service or application

You can enter a one-time password in any form of authorization on Yandex or in applications developed by Yandex.

Note.

You must enter the one-time password while it is displayed in the application. If there is too little time left before the update, just wait for the new password.

To get a one-time password, launch Yandex.Key and enter the PIN code that you specified when setting up two-factor authentication. The application will start generating passwords every 30 seconds.

Yandex.Key does not check the PIN code you entered and generates one-time passwords, even if you entered your PIN code incorrectly. In this case, the created passwords also turn out to be incorrect and you will not be able to log in with them. To enter the correct PIN, just exit the application and launch it again.

Features of one-time passwords:

Login using QR code

Some services (for example, the Yandex main page, Passport and Mail) allow you to log into Yandex by simply pointing the camera at the QR code. In this case, your mobile device must be connected to the Internet so that Yandex.Key can contact the authorization server.

Click on the QR code icon in your browser.

If there is no such icon in the login form, then you can only log in to this service using a password. In this case, you can log in using the QR code in the Passport, and then go to the desired service.

Enter your PIN code in Yandex.Key and click Login using QR code.

Point your device's camera at the QR code displayed in the browser.

Yandex.Key will recognize the QR code and send your login and one-time password to Yandex.Passport. If they pass the verification, you are automatically logged in to the browser. If the transmitted password is incorrect (for example, because you entered the PIN code incorrectly in Yandex.Key), the browser will display a standard message about the incorrect password.

Logging in with a Yandex account to a third-party application or website

Applications or sites that need access to your Yandex data sometimes require you to enter a password to log into your account. In such cases, one-time passwords will not work - you need to create a separate application password for each such application.

Attention. Only one-time passwords work in Yandex applications and services. Even if you create an application password, for example, for Yandex.Disk, you will not be able to log in with it.

Transferring Yandex.Key

You can transfer the generation of one-time passwords to another device, or configure Yandex.Key on several devices at the same time. To do this, open the Access Control page and click the button Replacing the device.

Several accounts in Yandex.Key

The same Yandex.Key can be used for several accounts with one-time passwords. To add another account to the application, when setting up one-time passwords in step 3, click the icon in the application. In addition, you can add password generation to Yandex.Key for other services that support such two-factor authentication. Instructions for the most popular services are provided on the page about creating verification codes not for Yandex.

To remove an account link to Yandex.Key, press and hold the corresponding portrait in the application until a cross appears to the right of it. When you click on the cross, the linking of your account to Yandex.Key will be deleted.

Attention. If you delete an account for which one-time passwords are enabled, you will not be able to obtain a one-time password to log into Yandex. In this case, it will be necessary to restore access.

Fingerprint instead of PIN code

You can use your fingerprint instead of a PIN code on the following devices:

smartphones running Android 6.0 and a fingerprint scanner;

iPhone starting from model 5s;

iPad starting with Air 2.

Note.

On iOS smartphones and tablets, the fingerprint can be bypassed by entering the device password. To protect against this, enable a master password or change the password to a more complex one: open the Settings app and select Touch ID & Passcode.

To use enable fingerprint verification:

Master password

To further protect your one-time passwords, create a master password: → Master Password.

With a master password you can:

make it so that instead of a fingerprint, you can only enter the Yandex.Key master password, and not the device lock code;

Backup copy of Yandex.Key data

You can create a backup copy of the Key data on the Yandex server so that you can restore it if you lose your phone or tablet with the application. The data of all accounts added to the Key at the time the copy was created is copied to the server. You cannot create more than one backup copy; each subsequent copy of data for a specific phone number replaces the previous one.

To retrieve data from a backup, you need to:

have access to the phone number that you specified when creating it;

remember the password you set to encrypt the backup.

Attention. The backup copy contains only the logins and secrets necessary to generate one-time passwords. You must remember the PIN code that you set when you enabled one-time passwords on Yandex.

It is not yet possible to delete a backup copy from the Yandex server. It will be deleted automatically if you do not use it within a year after creation.

Creating a Backup

Select an item Create a backup in the application settings.

Enter the phone number to which the backup will be linked (for example, "380123456789") and click Next.

Yandex will send a confirmation code to the entered phone number. Once you receive the code, enter it in the application.

Create a password that will encrypt the backup copy of your data. This password cannot be recovered, so make sure you don't forget or lose it.

Enter the password you created twice and click Finish. Yandex.Key will encrypt the backup copy, send it to the Yandex server and report it.

Restoring from a backup

Select an item Restore from backup in the application settings.

Enter the phone number you used when creating the backup (for example, "380123456789") and click Next.

If a backup copy of the Key data is found for the specified number, Yandex will send a confirmation code to this phone number. Once you receive the code, enter it in the application.

Make sure the date and time the backup was created, as well as the device name, matches the backup you want to use. Then click the Restore button.

Enter the password you set when creating the backup. If you don't remember it, unfortunately, it will be impossible to decrypt the backup.

Yandex.Key will decrypt the backup data and notify you that the data has been restored.

How one-time passwords depend on precise time

When generating one-time passwords, Yandex.Key takes into account the current time and time zone set on the device. When an Internet connection is available, the Key also requests the exact time from the server: if the time on the device is set incorrectly, the application will make an adjustment for this. But in some situations, even after correction and with the correct PIN code, the one-time password will be incorrect.

If you are sure that you are entering your PIN code and password correctly, but you cannot log in:

Make sure your device is set to the correct time and time zone. After that, try logging in with a new one-time password.

Connect your device to the Internet so that Yandex.Key can get the exact time on its own. Then restart the application and try entering a new one-time password.

If the problem is not resolved, please contact support using the form below.

Leave feedback about two-factor authentication

Good afternoon!. Last time I told you in detail how you can protect your flash drive from viruses and malware, today we’ll talk again about protecting your data and services. It's about, oh two-factor authentication, or as it is also called two-factor protection. Which you can find on absolutely any normal service or website. I am sure that this information will be relevant to many, since 80 percent of users simply forget about this, for which they then pay.

What is two-factor authentication (2FA)

Let's imagine a classic situation, using Russia as an example. There is a popular social network VKontakte, which is used by a huge number of people. To access it, most people use a login and password, and since a person is a lazy and naive creature, he is not particularly concerned about the security of his account, which ultimately entails hacking it, thereby losing his account and access, and not a fact, that he would restore it later, since he might not even have tied the phone number to it. But if he had previously configured two-factor protection, then even if the password was compromised, he would not care, since he would still need an additional verification step that is tied to the phone.

Two-Factor Authentication is an additional, robust security process, I would call it advanced authentication, that is required by the user accessing the device or service. Another security key, which can be a security code from SMS, a temporary code generated using a special application. which updates them every 25 seconds.

The role of a bastion of two-factor protection is your mobile phone, the number of which is linked to an account or device, for which it will be an additional means of confirming the identity of the true owner.

How two-factor protection works

Let me describe to you the algorithm for how two-factor protection works. Understanding the principle, it will be easy for you to set it up anywhere, on any service. And so we have a wonderful user Tanya, I love this name. Tanya decided to create an account for herself at Gmail.com. She goes through the registration procedure, where she indicates what login and password she will have when entering the mail. Gmail confirms her registration and activates her username and password with which she will log in.

Tanya logs in to her email, indicating her username and password. Gmail offers her to set up two-factor authentication, by linking to a phone number where she will receive SMS codes, or by installing the Authenticator application, which will generate security codes every 25 seconds; if you haven’t entered it yet, a new 6-digit code will be generated. Tanya installs them and enables two-factor protection.

Now, the next time Tanya logs in, she will need to enter, in addition to the classic security measures (Login and Password), a code from SMS or from the Authenticator utility, also installed on her smartphone. Once she does this, she gains access to the service.

Pros and cons of two-factor authentication

I'll start with the advantages of this technology:

A very high degree of protection, I would give it 99%, since everything is tied to a phone number, which will be very difficult to compromise
Always at hand
Access codes change frequently

Among the minuses we can highlight the following:

Since everything is tied to the phone number, if it is lost, access to your services will be difficult, although most of them have a recovery procedure, but it is very labor-intensive
The likelihood of installing or introducing a virus into a device that will transfer your data to attackers
The device may discharge at the right time
The mobile phone must always see the operator's network, otherwise it will not be possible to receive SMS or codes.
There are services that use an additional code sent to email as multi-factor protection, so to avoid being compromised, be sure to enable two-factor authentication on the email itself, otherwise it will be hacked and there will be fun.
For example, SMS notifications may arrive with a delay, I encountered this with Sberbank or VTB24.

Types of two-factor authentication

Let's look at the main types of two-factor protection implementations that you can easily come across at the moment; they can be updated and expanded over time, but for now there are these:

Which two-factor authentication method 2FA is better?

I won’t go into detail here, I’ll highlight two, and both of them will be linked to your mobile phone. This SMS and Push-notifications and more reliable using programs Authenticator. The advantages are that it’s all free, everyone has a mobile phone, and most importantly, it’s reliable.

Which software Authenticator 2FA to choose?

Let me describe to you which authenticator I would advise you to choose

Google Authenticator is the most popular authenticator in the world used for two-factor protection, due to the popularity of Google as a company and, of course, the number of services it provides.
Fido is the second most popular defender (https://www.yubico.com/solutions/fido-u2f/)

How to hack 2FA two-factor authentication

In order to bypass two-factor authentication, hackers use the following methods:

How to restore two-factor authentication

If you have lost your phone and want to restore your access, then the algorithm is as follows:

If possible, restore the SIM card and phone faster
Before activating the software Authenticator, the services give you secret recovery codes or a QR code, you must have lights
If there are no codes, then you will have to write to technical support and prove that you are you, be sure to prepare all your data and documents, but this will work if you have everything correctly and completely filled out, and not just the owner of the megapixar123 account :) )

How to disable two-factor protection?

In general, I do not advise you to disable the two-factor code, in view of the reduction in the security of your data, but if you still decide, then each service has its own procedure, which in 99% of cases boils down to setting a toggle switch in the settings that disables two-step verification so that turn it off. You will also need to indicate a verification code or the answer to a security question. I was with you, Ivan Semin, author and creator of the IT blog site,

To protect your personal data in today's world, you may need to consider increasing the level of security for your digital space using two-factor authentication.

Various online technologies are increasingly being integrated into the life of a modern person. Most of us can no longer imagine ourselves without social networks, smartphones and the Internet in general. We leave a whole bunch of digital traces and personal data on the World Wide Web every day. At the same time, most users do not even think about what will happen if one day they lose access to their “digital world”, which ends up in the hands of attackers...

Some would say that their modest persona is unlikely to interest hackers. However, even accounts from the most seedy social networks are sold on the “black market”. What can we say about, say, your Google account, which contains all your email correspondence, data from your phone and, possibly, links to bank cards?

The saddest thing is that many people rely on “maybe” and use fairly simple passwords to access any serious accounts. And, by the way, there are entire special dictionaries containing thousands of popular passwords, like “1234qwerty” and the like, which allow you to be hacked in a matter of minutes! Therefore, conventional password protection is no longer reliable. It's time to use two-factor authentication!

What is two-factor authentication?

In various science fiction films of Hollywood, we can see how the main character (or villain) first enters a bunch of passwords to access secret data, then applies a special identification card to the reading device, and to top it all off, he also looks through the peephole, where the laser reads the pattern of his retina eyes. But this is no longer science fiction, but the so-called multi-factor authentication.

The traditional multi-factor authentication model involves three main factors (each of which can be duplicated to increase the level of protection):

Knowledge factor. It implies that the access control system receives certain data that only a specific user should know. For example, this could be a traditional “login-password” pair, a pin code, mother’s maiden name, or other information that, ideally, only we can know. Unfortunately, many users do not remember their passwords, but store them on scraps of paper right at their workplace. Therefore, it would not be difficult for a hypothetical attacker to steal them...
Ownership factor. Provides that the user has a certain thing that others do not have. Such things may include a unique phone number, a plastic card with a unique barcode or data chip, a USB token or other cryptographic device. Theoretically, it is also possible to steal it, but it is much more difficult. And, given that the ownership factor is usually supported by the knowledge factor (you must first enter a password), the chances of successfully using a stolen device are significantly reduced.
Property factor. Uses certain personal qualities to identify the user. Some of the most unique ones include fingerprints, the face in general, the pattern of the iris, or even a DNA sample! Given the proper degree of sensitivity of the testing equipment, it is simply impossible to bypass such protection. However, biometric verification is still far from such perfection, so at the present stage it is usually supplemented with additional access control factors.

In fact, multi-factor authentication is actually three-factor. Accordingly, two-step user verification involves discarding one of the factors. Typically, this is a property factor that requires special biometric equipment to confirm. Two-factor authentication does not require special investments, but can significantly increase the level of security!

Today, the most common type of two-factor authentication on the Internet is linking an account to the user’s phone. In general, we traditionally enter a login with a password, after which we receive a special one-time PIN code on our phone via SMS or PUSH message, which we enter in a special form to access the site we need. Alternatively, instead of a message, you may receive a call from a robot that will ask you to press a particular number on the phone keypad.

Authorization using USB tokens is less common (for example, in modern accounting services). Such a token contains an encrypted key corresponding to a password that is known to the user. When authorizing, you need to connect the token to the USB port of your computer, and then enter the password in a special field. If it matches the one encrypted on the token, authorization will occur.

However, tokens cost money and require periodic key renewal, which is also not always free. Therefore, the most commonly used method of two-factor verification is still telephone verification. And here we will talk about it in more detail.

Two-factor authentication in Windows

Windows 10 is a modern operating system, therefore, by definition, it must contain modern security features. One of these is the two-factor user verification mechanism. This function appeared and disappeared again in some versions of the system, going through a number of improvements, so if you want to use it, be sure to make sure that you have all the updates (especially the KB3216755 patch, which fixed the authentication in the Anniversary Update).

Also, for two-step verification to work, you will need to have an account registered with Microsoft. That is, with a local “account”, alas, nothing will work out...

Now you need to prepare your phone for the procedure. You need to install a special application on it that will receive Windows account login verification signals and confirm them. For Android smartphones, you can choose the official Microsoft Authenticator program, and for iOS devices, the unified Google Authenticator solution (also for Android) is suitable.

After all the preliminary settings, you need to log into your Microsoft account and set it up for two-factor sign-in. The easiest way to do this is by calling in the snap-in "Options" chapter "Accounts". On the first "Email and Accounts" tab, click the link "Manage your Microsoft account", after which you should be redirected to the Microsoft account login page.

A page with settings will open, among which you need to find the group "Two-Step Verification" and click on the link "Setting up two-step verification":

You will see a step-by-step wizard for setting up two-factor authentication, following the prompts of which you can activate two-step user verification when logging into Windows:

Two-factor authentication with Google

After Windows, Android is in second place in popularity among modern users. And most Android devices, as we know, are “linked” to a Google account. It also wouldn't hurt to protect it further. Moreover, the two-factor authentication function for his accounts has been working successfully for quite a long time.

To access the two-step verification settings, you need to log into your Google account, go to the special page and click the button "Begin":

You may be asked to re-enter your account password to confirm access to your settings. After this, a step-by-step wizard will open that will help you set the necessary parameters for two-step account login verification:

All you need to do is enter your phone number (it is most likely already “linked” to your account), receive an SMS with a one-time verification code, then enter the code in a special field and activate the procedure for all subsequent authorizations.

However, logging in with your phone isn't the only two-factor authentication method Google offers. If you have a FIDO Universal 2nd Factor (U2F) token, you can also set up a login to your account using it. Read more about how to do this. Well, of course, you can receive verification codes not only in the form of SMS, but also PUSH messages in the Google Authenticator application we already mentioned above.

Two-factor authentication on social networks

Following general trends, the developers of some large social networks have also taken care of two-factor authentication.

DFA on Facebook

Facebook, being one of the most popular social networks in the West, like Google, has long been offering its users a two-step account login verification function. Moreover, access codes can be received both via SMS and in universal authorization applications. Of these, Google Authenticator and Duo Mobile are supported.

You can enable two-factor authentication on Facebook by going to the settings section

Only lazy people don't crack passwords. The recent massive leak of accounts from Yahoo only confirms the fact that a password alone - no matter how long or complex it is - is no longer enough for reliable protection. Two-factor authentication is what promises to provide that protection, adding an extra layer of security.

In theory, everything looks good, and in practice, in general, it works. Two-factor authentication does make it harder to hack an account. Now it is not enough for an attacker to lure, steal or crack the master password. To log into your account, you also need to enter a one-time code, which... But exactly how this one-time code is obtained is the most interesting thing.

You've come across two-factor authentication many times, even if you've never heard of it. Have you ever entered a one-time code that was sent to you via SMS? This is it, a special case of two-factor authentication. Does it help? To be honest, not really: attackers have already learned how to bypass this type of protection.

Today we will look at all types of two-factor authentication used to protect Google Account, Apple ID and Microsoft Account on Android, iOS and Windows 10 Mobile platforms.

Apple

Two-factor authentication first appeared on Apple devices in 2013. In those days, convincing users of the need for additional protection was not easy. Apple didn’t even try: two-factor authentication (called two-step verification, or Two-Step Verification) was used only to protect against direct financial damage. For example, a one-time code was required when making a purchase from a new device, changing a password, and communicating with support about topics related to an Apple ID account.

It didn't end well. In August 2014, there was a massive leak of celebrity photos. The hackers managed to gain access to the victims' accounts and downloaded photos from iCloud. A scandal erupted, causing Apple to quickly expand support for two-step verification to access iCloud backups and photos. At the same time, the company continued to work on a new generation of two-factor authentication method.

Two-step verification

To deliver codes, two-step verification uses the Find My Phone mechanism, which was originally designed to deliver push notifications and lock commands in the event of a lost or stolen phone. The code is displayed on top of the lock screen, so if an attacker obtains a trusted device, he will be able to obtain a one-time code and use it without even knowing the device password. This delivery mechanism is frankly a weak link.

You can also receive the code via SMS or voice call to your registered phone number. This method is no safer. The SIM card can be removed from a well-protected iPhone and inserted into any other device, after which a code can be received on it. Finally, a SIM card can be cloned or taken from a mobile operator using a fake power of attorney - this type of fraud has now become simply epidemic.

If you do not have access to either a trusted iPhone or a trusted phone number, then to access your account you need to use a special 14-digit key (which, by the way, it is recommended to print and store in a safe place, and keep with you when traveling ). If you lose it too, it will not seem bad: access to your account may be closed forever.

How safe is it?

To be honest, not really. Two-step verification is incredibly poorly implemented and has deservedly earned a reputation as the worst two-factor authentication system of all the Big Three players. If there is no other choice, then two-step verification is still better than nothing. But there is a choice: with the release of iOS 9, Apple introduced a completely new security system, which was given the simple name “two-factor authentication.”

What exactly is the weakness of this system? First, one-time codes delivered through the Find My Phone mechanism appear directly on the lock screen. Secondly, authentication based on phone numbers is insecure: SMS can be intercepted both at the provider level and by replacing or cloning the SIM card. If you have physical access to the SIM card, then you can simply install it in another device and receive the code on completely legal grounds.

Also keep in mind that criminals have learned to obtain SIM cards to replace “lost” ones using fake powers of attorney. If your password is stolen, then finding out your phone number is a piece of cake. The power of attorney is forged, a new SIM card is obtained - in fact, nothing else is required to access your account.

How to hack Apple authentication

This version of two-factor authentication is fairly easy to hack. There are several options:

read a one-time code from a trusted device - unlocking is not necessary;
move the SIM card to another device, receive SMS;
clone a SIM card, get a code for it;
use a binary authentication token copied from the user's computer.

How to protect yourself

Protection through two-step verification is not serious. Don't use it at all. Instead, enable true two-factor authentication.

Two-factor authentication

Apple's second attempt is officially called "two-factor authentication." Instead of replacing the previous two-step verification scheme, the two systems exist in parallel (however, only one of the two schemes can be used within the same account).

Two-factor authentication appeared as part of iOS 9 and the version of macOS released simultaneously with it. The new method includes additional verification whenever you try to log into your Apple ID account from a new device: all trusted devices (iPhone, iPad, iPod Touch and computers running the latest versions of macOS) instantly receive an interactive notification. To access the notification, you need to unlock the device (with a password or fingerprint sensor), and to receive a one-time code, you need to click on the confirm button in the dialog box.

As in the previous method, in the new scheme it is possible to receive a one-time password in the form of an SMS or a voice call to a trusted phone number. However, unlike two-step verification, push notifications will be delivered to the user in any case, and the user can block an unauthorized attempt to log into the account from any of their devices.

Application passwords are also supported. But Apple abandoned the access recovery code: if you lose your only iPhone along with a trusted SIM card (which for some reason you cannot restore), to restore access to your account you will have to go through a real quest with identity confirmation (and no, a scan of a passport is not such confirmation... and the original, as they say, “does not work”).

But in the new security system there was a place for a convenient and familiar offline scheme for generating one-time codes. It uses a completely standard TOTP (time-based one-time password) mechanism, which generates six-digit one-time codes every thirty seconds. These codes are tied to exact time, and the trusted device itself acts as a generator (authenticator). Codes are obtained from the depths of the system settings of the iPhone or iPad via Apple ID -> Password and Security.

We will not explain in detail what TOTP is and what it is used with, but we will still have to talk about the main differences between the implementation of this method in iOS and a similar scheme in Android and Windows.

Unlike its main competitors, Apple allows only its own devices to be used as authenticators. Their role can be played by a trusted iPhone, iPad or iPod Touch running iOS 9 or 10. Moreover, each device is initialized with a unique secret, which allows you to easily and painlessly revoke the trusted status from it (and only from it) if it is lost. If the authenticator from Google is compromised, then the status of all initialized authenticators will have to be revoked (and reinitialized), since Google decided to use a single secret for initialization.

How safe is it

Compared to the previous implementation, the new scheme is still more secure. Thanks to support from the operating system, the new scheme is more consistent, logical and easy to use, which is important from the point of view of attracting users. The one-time password delivery system has also been significantly redesigned; the only remaining weak link is delivery to a trusted phone number, which the user still must verify without fail.

Now, when attempting to log into an account, the user instantly receives push notifications to all trusted devices and has the option to reject the attempt. However, if the attacker acts quickly enough, he may be able to gain access to the account.

How to hack two-factor authentication

Just like in the previous scheme, two-factor authentication can be hacked using an authentication token copied from the user's computer. An attack on the SIM card will also work, but an attempt to receive the code via SMS will still trigger notifications on all the user’s trusted devices, and he may have time to reject the login. But you won’t be able to spy the code on the screen of a locked device: you will have to unlock the device and give confirmation in the dialog box.

How to protect yourself

There are not many vulnerabilities left in the new system. If Apple abandoned the mandatory addition of a trusted phone number (and to activate two-factor authentication, at least one phone number would have to be verified), it could be called ideal. Unfortunately, the need to verify a phone number adds a serious vulnerability. You can try to protect yourself in the same way as you protect the number to which one-time passwords are sent from the bank.

Continuation is available only to subscribers

Option 1. Subscribe to Hacker to read all materials on the site

Subscription will allow you to read ALL paid materials on the site within the specified period.

We accept payments by bank cards, electronic money and transfers from mobile operator accounts.

I'll show you how to protect your Mail account by enabling two-factor authentication on Mail. After entering the password for your Mail account, you will receive an SMS code on your phone, which you will need to enter to log into your Mail account.

1. Enable two-factor authentication.

Go to mail.ru then log into your account by entering your username and password. Then, after logging into your account at the top right, click on settings.

In Settings, enter Password and Security. And on the right there is an item called Secure Login with SMS confirmation. Click enable.

Do you really want to enable Yandex two-factor authentication?

Two-factor authentication provides an additional layer of protection for your account. Once authentication is enabled, when you try to log into your mailbox, you will be required to enter a code sent as an SMS to the connected phone number.

Enter your account password, indicate your phone number and click continue.

Two-factor authentication is enabled.

Add passwords for each application.

Please note that all external applications in which you used this mailbox have stopped working. To start using them again, go to settings and create passwords for each.

Click set up two-factor authentication.

That's all. Two-factor authentication is already working. Now, after entering the password for your mail.ru account, you will receive an SMS code on your phone, which you will need to enter to log into your account. Thus, if someone finds out your account password, they will still not be able to log into it, since they will need to enter an SMS code, and the SMS code will be sent to your phone.

2. Create a password for external applications.

You can continue setting up and customizing The Bat! and Microsoft Outlook, if you use them and have your mail.ru mailbox added there. Click add application.

Creating a new application. An application password is required for mail to work in third-party applications.

Come up with a name for this application and click create.

Enter the current password for your mail.ru account and click accept.

3. Create one-time codes.

You can also generate a one-time password. This is in case your phone is unavailable or it is stolen from you and you cannot use your number.

A one-time code can be used when there is no access to a connected mobile phone. Each of them becomes inactive after use. After re-generating codes, all old codes become invalid. Please note that they will only be shown to you once. It is recommended that you print out the generated codes and keep them in a safe place.

Click generate.

Are you sure you want to generate a new code table? Please note that your old codes will no longer be valid.

Click continue.

Enter the current password for your mail.ru account and the SMS code that will be sent to your number.

Click accept.

One-time codes (which are usually generated and sent to you via SMS) will be generated for you. Save them somewhere (just not in your phone, as they are just in case you don't have your phone with you). Well, don't show them to anyone. And if you always keep your phone with you and are sure that it will not be stolen and you can always restore your number, then you can not use one-time codes at all and delete them.

Now when you try to log into your mail on a smartphone or tablet or somewhere else, enter your username and password and click login.

You will also need to enter an SMS code that will be sent to your number or a generated one-time code. If you no longer want to enter an SMS code every time you check email on your smartphone, for example, then check the do not ask box for this device.

And if you don’t receive the SMS code, then press problems logging in?