Skip to content

Authentication

MailJawn uses email-based authentication — no usernames. You sign in with your email address and password, and can add extra security with passkeys or an authenticator app.

Signing In

Enter your email and password at the login page. After signing in, you're taken to your dashboard.

Your session lasts 30 days and uses a sliding window — any activity resets the clock. If you don't visit MailJawn for 30 days, you'll need to sign in again.

Email Verification

Email verification is optional but recommended. When you sign up, MailJawn sends a confirmation link to your email. Clicking the link verifies your address and logs you in automatically.

If you skip verification, you can still use MailJawn — but you'll see a banner reminding you to confirm your email.

Multi-Factor Authentication (MFA)

MFA adds a second step to your login. Even if someone gets your password, they can't access your account without the second factor.

MailJawn supports three types of second factor:

Passkeys (WebAuthn)

Passkeys use your device's built-in authentication — Face ID, Touch ID, Windows Hello, or a hardware security key. They're the most secure and convenient option.

To set up a passkey:

  1. Go to Dashboard → Settings → Security
  2. Under Passkeys, click Add Passkey
  3. Follow your browser's prompts to register your device

Once registered, you can sign in by selecting the passkey option on the login page. You can register multiple passkeys (e.g., one for your Mac and one for your iPhone).

Tip

Passkeys are supported in Safari, Chrome, Firefox, and Edge on recent OS versions. If your browser doesn't support passkeys, use an authenticator app instead.

Authenticator App (TOTP)

Any TOTP-compatible authenticator app works — Google Authenticator, Authy, 1Password, etc.

To set up an authenticator:

  1. Go to Dashboard → Settings → Security
  2. Under Authenticator App, click Set Up
  3. Scan the QR code with your authenticator app
  4. Enter the 6-digit code to confirm

After setup, you'll be asked for a code from your app each time you sign in. The app will display MailJawn as the issuer name.

Recovery Codes

When you enable any MFA method, MailJawn generates a set of recovery codes. These are single-use backup codes for when you lose access to your passkey or authenticator app.

Warning

Save your recovery codes somewhere safe — a password manager, printed copy, or secure note. If you lose access to your MFA device and don't have recovery codes, you'll be locked out of your account.

Administrator Accounts

If your account has administrator (superuser) access, MFA is required. You'll be redirected to the security settings page to configure MFA before you can access the admin panel or dashboard.

Regular accounts are encouraged to enable MFA but not forced.

Security Settings

Manage all your authentication methods at Dashboard → Settings → Security. From there you can:

  • Add or remove passkeys
  • Set up or disable your authenticator app
  • View and regenerate recovery codes
  • See which methods are currently active