Enabling two-factor authentication (2FA)

How to protect your LeakedSource account with authenticator-app 2FA and recovery codes.

Two-factor authentication adds a second requirement to signing in: something you have (your phone) on top of something you know (your password). We strongly recommend it — your LeakedSource account holds a map of your breach exposure.

How to enable 2FA

  1. Sign in and go to Settings → Security.
  2. Click Enable Two-Factor Authentication.
  3. Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, Microsoft Authenticator — any TOTP app works).
  4. Enter the 6-digit code from the app to confirm setup.

From then on, signing in requires your password plus a current code from the app.

Recovery codes — save them now

When you enable 2FA, we generate recovery codes. Each one can be used once to sign in if you lose access to your authenticator app. Store them somewhere safe (a password manager is ideal, a printout works too). You can view or regenerate your codes at any time from Settings → Security — regenerating invalidates the old set.

Lost your device?

Use one of your recovery codes to sign in, then disable and re-enable 2FA with your new device. If you've lost both your device and your recovery codes, contact us via the contact form from the email address on your account and we'll verify your identity manually.

Why an app instead of SMS?

Authenticator apps aren't vulnerable to SIM-swapping. Ironically, phone numbers exposed in data breaches are exactly what makes SMS-based 2FA risky.

Last updated July 10, 2026

Still need help?

Reach out and a real person will get back to you.

Contact Support

LeakedSource Support

AI assistant — a human reviews escalated chats

This chat has been escalated to our support team — a human will reply here or by email. If you haven't shared your email yet, just type it here so we can reach you.
Hi! I'm the LeakedSource assistant. Ask me about scans, breaches, billing, or your account.