Blog

Riot MFA Guide: How to Set Up, Get Rewards, and Fix Problems

Posted on by Max Daelon

This riot MFA guide covers everything you need to know about multi-factor authentication on your Riot account as of 2026. One password used to be enough, but not anymore. Your League, VALORANT, TFT, Wild Rift, LoR, and 2XKO accounts are all tied to one login, and if that gets cracked, you lose everything at once. Riot added three ways to lock it down: the Riot Mobile app, Google/Microsoft Authenticator, or a standard inbox code. Already Ascendant or higher in NA, LATAM, BR, or KR? Then the Riot Mobile app isn’t optional for you. EU and AP should get the same treatment later this year.

I set this up on all my accounts (yes, plural) and the whole process took about four minutes per account. You also get free cosmetics for doing it, which is a nice bonus. Here is everything you need to know.

Multi factor authentication Riot account showing three MFA methods including Riot Mobile, authenticator app, and email verification for 2026
Riot gives you three ways to verify your identity when logging in.

What Is Riot MFA and How Does It Work?

You know how some apps send you a text when you log in from a new phone? Same idea, but Riot made it a whole system. Type your password, and then your phone buzzes or your inbox gets a six-digit number. Punch it in and you’re good. If some random person grabs your password off a leaked database? Cool for them, they still need your actual phone to do anything with it.

Riot first rolled out 2FA way back in January 2022, but it was pretty bare bones. It only kicked in when you logged in from a device Riot didn’t recognize. The new system? You can force a check on every single login if you want. New device, old device, doesn’t matter.

Riot dropped a stat a while back that stuck with me: 80 to 90 percent of hacked accounts never had any form of MFA turned on. That’s wild. That’s exactly why Riot rolled out MFA in 2025. Those numbers were embarrassingly high. If you’re reading this and thinking “eh, I’ll do it later,” you’re in that 80-90% right now.

MFA Method How It Works Best For
Riot Mobile Push notification on your phone, tap to approve. Also supports QR code login. Ranked players, fastest login
Authenticator App Opens Google Authenticator, Microsoft Authenticator, or Duo on your phone. You get a token that changes every 30 seconds. People already using authenticator apps for other stuff
Email Six-digit string sent to your linked address. Basic protection, required first step

Something that tripped me up when I first did this: you can’t just jump straight to Riot Mobile or an authenticator app. Riot forces you to turn on the inbox option first. Kind of annoying if you never plan to use it, but that’s how they set it up.

How to Enable Riot MFA (Step by Step)

You do all of this from a browser tab, not inside League or VALORANT. Open a browser and follow along:

  1. Head to account.riotgames.com and log in.
  2. Scroll until you see the Multi-Factor Authentication card.
  3. Hit Enable. (If you tried before and bailed, it’ll say Resend instead.)
  4. Go check your inbox. Riot sends the confirmation fast, but if it’s not there, try spam.
  5. Click Enable Multi-Factor Authentication inside that email.
  6. It bounces you back to your account page. The inbox option is live.

That covers the baseline. But if you want the Riot Mobile option (which you should, especially for ranked), keep going.

Setting Up Riot Mobile

Grab the Riot Mobile app (iOS or Android, both free). Log in with your Riot credentials. First time on a new phone, it’ll ask you to confirm through your inbox before letting you in.

Now flip back to your browser and pull up the account settings again. Look for Activate next to the mobile option and click it. You’ll see a QR pattern on your screen. In the app, hit the scanner icon, point it at your monitor, and it links up in about two seconds. Tap the red Enable button on your phone and that’s it.

Next time you log in anywhere, your phone buzzes with an approval request. One tap and you’re through. Whole thing takes less time than typing a password.

Third-Party Authenticator Apps

If you already live in Google Authenticator or Microsoft Authenticator for other logins, you can use those here too. Once the inbox option is active, both apps show up on your account settings. Activate, scan the QR with your camera, and the app starts cycling through tokens. You get a new six-digit number every thirty seconds, type it in at login, move on.

Personally I just use Riot Mobile. A push notification pops up, I tap “yes,” and I’m in. Way faster than squinting at a six-digit number and typing it before the timer runs out. But hey, if you’re already using Google Authenticator for everything else, stick with what you know.

Free Riot MFA Rewards Across All Games

Free stuff just for locking down your account. Can’t argue with that. This part of the riot MFA guide is everyone’s favorite: the second you finish setup, these show up in your inventory:

Free in-game rewards table for enabling multi factor authentication on Riot account across League of Legends, VALORANT, LoR, and TFT
You get free cosmetics just for turning MFA on.
  • League of Legends: Taliyah “Very Cool” emote
  • VALORANT: “Keep it Safer” Gun Buddy
  • Legends of Runeterra: Rare Prismatic Chest
  • Teamfight Tactics: 100 Treasure Tokens

One thing: Riot only gives these out once. If your account had the old 2FA turned on at any point, the stuff is already in your inventory somewhere. Open your LoL or VALORANT collection and look around if you’re not sure.

The VALORANT gun buddy actually looks decent. Obviously it’s not a $30 skin, but slapping it on your Vandal tells people you care about your account more than the average player. Small flex.

Why Riot MFA Is Required for Ranked in 2026

This video from Riot Games walks through the MFA setup and explains why it matters for ranked.

A lot of players find out about this the hard way. They click the ranked button and instead of “Start” they see “Verify Account.” Confusion, panic, Reddit post. The system Riot now enforces for ranked only accepts the Riot Mobile app. Not your inbox, not Google Authenticator. Has to be Riot’s own app.

Why? Smurfing and boosting. If you need your personal phone to approve every login, sharing your account with a booster goes from “here’s my password” to “also let me hand you my phone.” Most people won’t bother. That friction is exactly what Riot wants.

Riot Mobile MFA ranked requirement rollout timeline showing Patch 11.09, Patch 11.10, and 2026 expansion to EU and AP regions
MFA is already mandatory for high-ranked players in several regions.

Rollout Timeline

Patch 11.09: Riot Mobile became mandatory for shared accounts in NA, LATAM, BR, and KR. Riot also started issuing bans for purchased accounts and detected boosting.

Patch 11.10: The requirement expanded to all Ascendant+ ranked accounts in those same regions. Any account that hits Ascendant or higher from this patch onward needs the Riot Mobile app to queue for competitive. No expiration date on this, it’s permanent.

2026: Riot confirmed plans to roll this out to AP and EU regions. If you play on EUW, EUNE, or any Asia-Pacific server, expect the same requirement sometime this year.

The restriction only affects Competitive queue. Unrated, Deathmatch, Spike Rush, ARAM, and other modes stay fully accessible without MFA. But if you’re serious about ranked, get it set up now so you’re not scrambling mid-session when a patch drops and suddenly locks you out.

How to Skip the Code (Trusted Device)

Look, pulling out your phone every single time you want to play a game gets old fast. Riot knows this. That’s why they added a way to skip it on devices you use regularly.

When the login screen pops up, tick the “Remember this app for 30 days” box. Your PC or phone gets flagged as trusted for a month. No more prompts until that timer runs out.

Goes without saying but: only do this on machines that belong to you. Home PC, personal laptop, your phone. At a LAN event or on a friend’s setup? Don’t check that box.

By the way, the “Remember this app” and “Keep me signed in” checkboxes are two different things. First one tells Riot to stop asking for a second factor on that device. Second one just keeps your login session alive so you don’t re-type your password every launch.

How to Turn It Off (and Why You Probably Shouldn’t)

Technically yes, you can kill it. But why would you? That’s like removing the deadbolt from your apartment because you keep losing your keys.

  1. Sign in at account.riotgames.com.
  2. Go to the Multi-Factor Authentication card.
  3. Click Disable.
  4. Riot throws a confirmation popup. Click through it.
  5. Done. You can re-enable it anytime.

If you have the Riot Mobile option active, you disable that separately from the same page. Click Disable next to Riot Mobile.

Keep in mind that if you’re Ascendant+ in a region where the the phone requirement is active, disabling it will lock you out of Competitive queue. You’ll see the Verify Account prompt again until you re-enable it.

Remote Logout: Clear All Devices

Remember that old laptop you haven’t touched in six months? Or your buddy’s PC from last summer? You might still be logged in on those. One button fixes it.

  1. Sign in to your account page.
  2. Find the Login Management section.
  3. Click LOG OUT EVERYWHERE.

This logs you out of every device and also revokes their trusted status. Next time you log in anywhere, you’ll need to verify again. Good move if you think someone else might have access.

If you recently changed your Riot ID, it’s a good idea to do a remote logout at the same time. Clean slate.

No Riot MFA? Here’s What Happens When You Get Hacked

Scroll through r/leagueoflegends or any Riot Discord for five minutes and you’ll find these posts. Guy wakes up on a Saturday, tries to log in, nothing works. Opens his email and there’s a message from 3 AM saying “your email has been changed.” Skins gone, rank gone, maybe $500+ in purchases gone. And he never set up MFA because “it seemed like a hassle.”

Trying to get it back without any verification on the account? Brutal. You open a ticket, and Riot starts grilling you. Purchase receipts, the email you signed up with years ago, your ISP, hardware IDs. Stuff you probably don’t have bookmarked. I’ve seen people wait two weeks for a response. Some never get the account back at all because they couldn’t prove enough.

Now imagine the same situation but with MFA on. The hacker has your password… and that’s it. They still need your phone or inbox to actually get in. Most of them just move on to an easier target. And if Riot sees a login attempt that keeps failing the second step, they can freeze things before anything gets changed.

If your account was compromised before you set up protection, submit a recovery ticket through Riot’s Player Support page. First thing after getting it back: turn on protection immediately.

Lost Your Phone? Here’s What to Do

Phone falls in a toilet. Gets swiped on the train. Or you just upgraded and forgot to move everything over. If Riot Mobile was your only way in, things get complicated.

But remember how Riot forced you to set up the inbox method first? That’s your lifeline here. Even with your phone gone, you can still log in using the six-digit inbox prompt. Once you’re in, kill the old mobile link and redo it on whatever new phone you’ve got.

Phone AND inbox both gone? That’s worst case. Player Support is still an option, but they’re going to grill you on purchase history, original email, all that. Expect it to take a while.

Anytime you switch phones, go to the account page in your browser and turn off the old Riot Mobile link before you do anything else. Then set it up on the new phone. Thirty seconds of work versus a potential support ticket nightmare.

Troubleshooting Common Problems

Confirmation emails going to an old address

Can’t get into the inbox that’s tied to your Riot account? You’re going through Player Support for this one. Open a ticket on their site and let them guide you through recovery. Fair warning: this isn’t instant. Could take a couple days. Don’t wait until you’re in promos to figure this out.

Getting codes you never asked for

Gets asked on Reddit every week. You never turned anything on, but Riot keeps sending you random codes. What gives? Turns out Riot forces a check whenever you do something sensitive like changing your email or resetting your password. It kicks in automatically and has nothing to do with the full MFA setup. Totally separate system.

Code not arriving

Spam folder. Check it. Half the time it’s sitting right there. If not, give it 60 seconds and request another one. Gmail and Yahoo are slow sometimes. Still nothing? Go to your account page, hit Sign-In & Security, and make sure your address actually shows as verified.

Riot Mobile push notifications not working

Android users: battery optimization loves to murder background apps. Go into settings and whitelist Riot Mobile. iPhone users: Settings, then Notifications, find Riot Mobile, make sure everything is on. Nine times out of ten that fixes it.

Riot MFA on a Purchased or Smurf Account

This comes up constantly and it’s worth addressing. If you buy a LoL smurf account or pick up a VALORANT account, one of the first things you should do is secure it with MFA.

The second you finish changing the email and password to yours, go set up MFA. Refer back to the steps earlier in this riot MFA guide if you need a refresher. I’m serious. The previous owner still knows the old login. If they get back in because you didn’t bother locking it down, nobody’s going to help you.

For ranked players, remember that Ascendant+ accounts in affected regions need the Riot Mobile app. A third-party app or email alone won’t satisfy the competitive queue requirement.

Riot vs. Steam, Epic, and Blizzard 2FA

Steam, Epic, Blizzard, they all have their own version of 2FA. Riot’s version is basically the same concept, with one big difference: ranked. No other game I know of locks you out of competitive unless you use a specific app on your phone. That’s a Riot-only move.

Steam Guard is optional. Epic’s 2FA is optional. Battle.net’s thing is optional. Riot looked at all of that and said “we’re making ours mandatory for ranked.” Nobody else in gaming does this. On the plus side, if you ever get flagged or banned on a Riot account, having MFA turned on gives you an edge in the appeal because Riot can see you’re the real owner.

Is Riot MFA Worth Enabling?

If you made it this far through the riot MFA guide, you already know the answer. You spend five minutes clicking buttons and scanning a QR code. In return you get free cosmetics across four games and actual protection for years of progress and real money purchases. After the first login the trusted device option kicks in and you forget it exists. Same energy as the League honor system rewards: minimal effort, free stuff.

Playing ranked? You need this yesterday. Or at least before whatever patch drops the requirement in your region. Riot’s rollout to new servers isn’t slowing down. Set it up on a Tuesday afternoon when you’ve got five minutes and never think about it again.

Frequently Asked Questions

What is multi factor authentication in Riot Games?

Multi factor authentication is a login security feature for your Riot account that requires a second form of verification beyond your password. Riot supports three methods: the Riot Mobile app, a third-party app like Google Authenticator, or a six-digit code sent to your inbox.

How do I enable it on my Riot account?

Sign in at account.riotgames.com, go to the Multi-Factor Authentication section, and click Enable. Riot sends a six-digit code to your inbox. Enter it to activate the basic option. From there you can also set up the mobile or authenticator app option.

Do I get free rewards for turning it on?

Yes. You receive a Taliyah ‘Very Cool’ emote in League of Legends, a ‘Keep it Safer’ Gun Buddy in VALORANT, a Rare Prismatic Chest in Legends of Runeterra, and 100 Treasure Tokens in TFT. Rewards are granted once per account.

Is Riot Mobile required for competitive play?

Yes, in certain regions. Starting with Patch 11.09, Riot Mobile became mandatory for Ascendant+ players and shared accounts in NA, LATAM, BR, and KR. Riot plans to expand this requirement to AP and EU regions in 2026.

Do I have to enter a code every time I log in?

No. During login you can check the ‘Remember this app for 30 days’ box. This marks your device as trusted for a month, so you only verify once every 30 days on that specific device.

What if my MFA emails go to an old email address?

If you no longer have access to the email linked to your Riot account, contact Riot Player Support and submit a ticket. They will help you recover access and update your address.

Can I use Google Authenticator instead of Riot Mobile?

Yes. After enabling the basic option, you can set up Google Authenticator, Microsoft Authenticator, or Duo as your verification method. But the mobile app is required for the ranked competitive queue requirement in affected regions.

Last updated: April 2026

Official Riot MFA Support Page

Max Daelon

AgataSmurf.com is your source for League of Legends, Valorant, Marvel Rivals and other games wiki, guides, database, builds, tier list, news, and more.

Select your currency
USD United States (US) dollar
GBP Pound sterling
RUB Russian ruble
EUR Euro
AUD Australian dollar
CAD Canadian dollar