Hardware token based two-factor authentication (2FA) for Fortnite accounts



Two-factor authentication is one of strongest tools available for protecting your Fortnite account. By requiring an additional login confirmation from a secondary account and/or device, 2FA systems prevent nefarious actors from remotely accessing your bank account, email inbox, or indeed, even your Epic account. Considering that most of us have a credit card/Paypal info linked with our Epic accounts, keeping that data confidential has never been more important — especially since the Epic Store’s footprint continues to gain relevance and, by extension, attract hackers.

Currently, two-factor authentication for an Epic games account can be enabled with one of the methods below:

  1. Email authentication
  2. Authenticator app

The security level of the first method, email authentication, is really depending on the email system used. It can be considered pretty secure if the email account associated with your Epic account is itself secured with two-factor authentication. But even with that in place, be aware that email servers may still rely on an insecure protocol (SMTP) when communicating with each other.

The second method is based on using an Authenticator App, such as Google Authenticator, which is certainly more secure than Email authentication but has its own drawbacks (i.e. the app is installed on a compromised mobile phone this puts the account under the risk of being compromised; the smartphone may be lost or stolen etc.)

Hardware tokens is an alternative (or a nice addendum) to using authenticator apps for enabling two-factor authentication for your Fortnite account. The guide below will show how to enroll a Token2 hardware token with your Epic account 2FA.

Requirements: 

  • An Epic games account
  • A Token2 programmable token (only the second generation tokens are compatible with Epic accounts)
  • An Android device with NFC*  - this is needed for the enrollment only, subsequent logins will only require the hardware token
  • TOKEN2 NFC Burner app* - make sure you have the latest version (at least 2.1). Previous versions of the app do not support longer seeds generated by Epic account 2FA system 

[* Windows version is also available, but this guide will use Android as an example]

To enable two-factor authentication on Fortnite:

  • Have your Android device with NFC and TOKEN2 NFC Burner 2 app installed and your hardware token ready
  • On your desktop browser, head over to Epic Games' website and log into your account
  • Go to the "Account" page
  • Click on the "Password & Security" tab
  • Scroll down to "Two-factor authentication" section and click on "Enable Authenticator App" button. This will pop the window below up.

Hardware token based two-factor authentication (2FA) for Fortnite accounts

  • Launch the NFC burner app on your Android device and hit the "QR" button

    Hardware token based two-factor authentication (2FA) for Fortnite accounts


  • Point the camera to the QR code shown on the Fortnite account page. Upon a successful QR scan, the camera window should disappear.
    Kindly note that the size of the QR image shown by the Fortnite page is rather small, so you may need to bring your camera closer to the screen. If still unsuccessful, you can manually enter the code shown on the same page ("Manual Entry Key:") but hitting the "Base32" button on the app under the QR button
  • Turn on the TOKEN2 token and touch it with your phone (make sure it is overlapped by the NFC antenna) and click "Connect" on the app
  • Upon successful connection, click the "Burn seed" button. If NFC link is established and the code is correctly scanned, you should see a status window showing "Burning..." and eventually (in a second or two), "burn seed successful.." message in the log window

    Hardware token based two-factor authentication (2FA) for Fortnite accounts

  • After completing the burning process, turn the token display off and turn it on again
  • Enter the 6 digits code displayed by the token to the "Security code" field on the Fortnite account page



  • Next, upon successful code verification, the following window should appear:

    Hardware token based two-factor authentication (2FA) for Fortnite accounts

  • There is one more optional step: from this window, you can generate a set of backup security codes, which are one-time use codes in case of an emergency.I.e. if your token (and/or your phone) is stolen, lost or corrupted, for instance, one of these codes can be used to log into your Epic account and change your authentication information. Just make sure to store the backup codes securely.