
Two factor Authentication (TFA)


Two Factor Authentication (TFA) - an extra layer of security for your Zoho Account 

Zoho now offers an extra layer of security, Two Factor Authentication, which uses your mobile phone to protect your Zoho Account. You protect your account with something you know (your password) and something you have (your phone). Along with your password, you enter a uniquely generated verification code for your account, which is sent to your phone via SMS text or voice call, or generated by the Google Authenticator mobile app.

How TFA works ?

Once TFA is enabled, signing in to your Zoho account works as follows:
  • Whenever you sign in to Zoho, you'll enter your account password as usual.
  • Then, you'll be asked for a verification code, which is sent to your phone via SMS text or voice call, or generated by the Google Authenticator mobile app.


Note : Two Factor Authentication (TFA) will be applied to all the services you access under Zoho SSO with your Zoho Account. You'll also be prompted for a verification code on mobile browsers and mobile apps.

Setup TFA

  1. Mode

    First, choose the mode for using Two Factor Authentication (TFA). You can select either (a) SMS Text Message / Voice Call or (b) Google Authenticator.


  2. Setup 

    a) SMS Text message / Voice call :

    Enter the phone number to set up and select how to receive the verification code: SMS text message or voice call. Once you submit, the verification code will be sent to your phone in the mode you have chosen.


    b) Google Authenticator :

    If you choose this mode, you have to install the "Google Authenticator" mobile app on your phone (iOS, Android, etc.). To configure your account in Google Authenticator, scan the barcode image displayed on the "Setup" page.


    If there is any problem loading the image, you can click "Have problem in loading the image ?" and use the 16-character "secret key" it displays to configure your account in Google Authenticator.



  3. Verify

    Enter the verification code received on your phone by SMS text message or voice call, or generated in the Google Authenticator mobile app, and then click "Verify".



    a). If you are not receiving the verification code, use the "Resend" option to send it again. Depending on the mobile service provider, SMS text messages may take time to arrive, so please wait for some time.

    b). If you have selected the "Trusted Browsers" check-box, the verification code won't be asked for the next 30 days when you sign in to your account using the same browser on the same computer. Otherwise, the verification code will be asked each time you sign in to your account.
     
  4. Confirm

    For security purposes, you have to enter your account password to complete the TFA setup process and click "Turn on" to enable it for your account.


Verification Code 

These are the codes generated uniquely for your account when you sign in to your Zoho Account using your account password. You can receive the verification code in any one of the following ways:
  • Zoho can send verification code to your phone via SMS text message.
  • Zoho can call your phone or landline with your account verification code.
  • Google Authenticator mobile app can generate verification code.

If you are not receiving the verification code, use the "Resend" option to send it again. Depending on the mobile service provider, SMS text messages may take time to arrive, so please wait for some time.

Backup Verification Code 

These are the codes you can use when you can't receive the verification code on your phone. You can print or download a set of one-time use backup verification codes and keep it safe for times when your phones are unavailable or when you are outside mobile network coverage, such as when you travel.
How to get backup codes for my account ?
  1. Go to https://accounts.zoho.com
  2. Under the "Two Factor Authentication" link, click "Manage Backup Verification Codes".



  3. A set of backup codes will be listed, and you can click "Save as text" to save it locally. If required, you can print the backup codes and keep them secure.
  4. These codes are one-time use only and can be used in place of the verification code when you sign in to your account.
  5. If you want to regenerate the backup codes, click "Generate new codes", which will delete the existing codes and generate a new set of backup codes.
Where should I use the backup codes ?
  1. These are one-time valid verification codes. 
  2. Can be used in place of "Verification Code" after Sign-In to your account with password. 
  3. Click "Can't access your phone?" on the Sign-In verification code page and enter one of your saved backup codes to sign in to your account.
IMPORTANT : If your phone is unavailable, these codes will be the only way to sign in to your account. So, make sure to keep them in a secure and accessible place.

Application Specific Password

TFA cannot be applied in some non-browser-based applications such as POP/IMAP mail clients (Outlook, Thunderbird, iPhone and Android mail), Jabber chat clients, plug-ins, ActiveSync, etc. To access your account from these applications, you need to generate an application-specific password and enter it in the password field of the application instead of your regular account password. You can create a new application-specific password for each application you need to access.
How to generate an application-specific password ?
  1. Go to https://accounts.zoho.com
  2. Under the "Two Factor Authentication" link, click "Manage Application Specific Passwords".



  3. Enter a descriptive name for the application (Device or App Name) you want to access, such as "iphone email", along with your account password (Current Password) for security purposes, and then click "Generate".



  4. You'll then see the application-specific password, which you can use to access the required application. Note that the application-specific password is shown only once; if required, you have to generate a new one.
  5. On the same page, the "Show Generated Passwords" link at the bottom right lists the details of the application-specific passwords already generated, with the Device/App Name and a "Revoke" option to delete any generated password permanently.

Trusted Browsers 

A trusted browser on a computer doesn't ask for a verification code every time you sign in, for 30 days. You can mark a browser on a particular computer as a trusted browser by selecting the "Trust this browser" option when entering your verification code during the Sign-In process.
How to view/delete trusted browsers ?
  1. Go to https://accounts.zoho.com
  2. Under the "Two Factor Authentication" link, click "Manage Trusted Browsers".



  3. This will list the details of the browsers already trusted for your account on any computer (IP Address).
  4. You may also delete a trusted browser at any time from the above list using the "Revoke" link. After this, you will be required to enter a verification code the next time you sign in from that browser on that computer.

Backup Phone Number

Backup phone numbers are used to send you verification codes in case your primary phone is unavailable or lost during the Sign-In process. We will use them only when you ask us to send a code and for account security.
How to add/delete backup phone numbers ?
  1. Go to https://accounts.zoho.com
  2. Click the "Two Factor Authentication" link, and then add a backup phone number by clicking the icon next to your mobile number.

TFA for Business Organization

To enable Two-factor Authentication for all the users of your Zoho Business Organization, refer to the documentation here.

FAQ

#. My phone was misplaced or there is no network coverage in my area. What should I do to get into my account ?

 - You can use your safely stored backup verification codes
 - Sign in from an already trusted browser

#. Codes generated in my Google Authenticator mobile app aren’t working. 

This might be because the time on your phone or in the Google Authenticator app is not synced correctly. Set the correct current time using the 'network operator' time option on the phone or the 'Time Sync' option in the app.
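
Why an unsynced clock breaks the codes, as an added example (not Zoho's code): Google Authenticator computes each code with TOTP (RFC 6238) from the base32 secret key, the same kind of string as the 16-character "secret key" on the Setup page, and the current time in 30-second steps. The secret below is the RFC 6238 test key, the clock values are constructed, and the `window` tolerance is an assumption, since the page does not say how much drift Zoho accepts.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (Google Authenticator default)
DIGITS = 6   # length of the displayed code

# RFC 6238 test key "12345678901234567890" in base32. Not a Zoho key.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at a given clock time."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = int(unix_time) // STEP              # which 30-second step we are in
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: int, window: int = 1):
    """Return the step offset at which `code` matches, or None.

    `window` is how many steps of clock drift the server tolerates on each
    side (assumed value; the page does not document Zoho's tolerance).
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):   # constant-time comparison
            return drift
    return None


if __name__ == "__main__":
    server_now = 1111111109                       # constructed server clock
    for label, phone_now in [("in sync", server_now),
                             ("2 s fast, next step", server_now + 2),
                             ("clock far off", 59)]:
        code = totp(RFC_SECRET, phone_now)
        print(f"{label:20} code={code} strict={verify(RFC_SECRET, code, server_now, 0)}"
              f" tolerant={verify(RFC_SECRET, code, server_now, 1)}")
```

A phone only two seconds fast can already be in the next 30-second step, which a strict server rejects and a tolerant one accepts; a clock that is far off fails either way, which is why the time has to be synced.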

#. Verification codes are not received via SMS text message.

SMS text message delivery speed may vary by location and service provider. Also make sure you are within network coverage when you're trying to receive your codes. Alternatively, you can try the 'voice call' option shown on the verification page to receive the code in a phone call; sometimes delivery of the voice call is more reliable than the text message.

#. Verification codes are not received via SMS text message or phone call

- You can use your safely stored backup verification codes
- Sign in from an already trusted browser
- If you have a smartphone, we recommend you use the Google Authenticator app, which doesn't require any network connection.

#. Mail is not fetched, and chat clients and plug-ins don't work, after I turned on TFA for my account.

When you turn on TFA for your account, any applications (desktop/mobile) that need direct Zoho Account password verification using APIs won't work until you enter an application-specific password instead of your normal password. You can generate a new application-specific password whenever you are prompted for a password by a non-browser device or application.

Some of the applications and devices that require an application-specific password include: POP and IMAP email clients such as Outlook, iPhone Mail and Thunderbird used to fetch mail from Zoho Mail, Jabber chat clients, plug-ins, ActiveSync, etc.

#. How to disable Two Factor Authentication for my account ?

You can manage and disable Two Factor Authentication for your account from https://accounts.zoho.com >> Two Factor Authentication page. Click the "Disable" link in this page to disable TFA for your account.

Note : If your account is part of a Zoho Business Organization and TFA is enforced by your organization administrator, contact your administrator to disable TFA for your account.



Join and protect your Zoho Account with strong Two Factor Authentication !!





