Steps to secure your Zoho Account

Zoho Accounts | February 3, 2019 | 4 min read

From ordering food directly from an app, to quickly fix a doctor’s appointment online, the internet is helping businesses run efficiently. On the other hand, internet security has become an increased concern for individuals and companies alike. At Zoho, our top priority is the success and security of your business. Here are the steps we suggest to provide increased security for your Zoho Account.

Strong Password

Use a strong and unique password for your Zoho account. This will significantly reduce the risk of your account being compromised. Check out this article on common mistakes when choosing a password from Business Insider and make sure you follow the below guidelines:

  • Passwords cannot be the same as your username

  • Password length should be no less than eight characters and no more than 250 characters

  • Passwords should contain at least one special character and one number

  • Passwords should contain both uppercase and lowercase letters

Regularly changing your passwords will also reduce the risk of being hacked. Avoid any previously used passwords for increased protection.

Two-Factor Authentication

Two-Factor Authentication is an additional identity verification step that boosts your account security. By enabling TFA, you will add an extra layer of protection to your account. Besides entering your login credentials, you will be asked to verify your identity by providing a biometric Face ID or Touch ID. Additionally, you can confirm login via a notification, or have a one-time verification code sent to your mobile device. We highly recommend adding these additional security measures for increased account security.

To enable Two-Factor Authentication, we offer an industry standard authentication application called Zoho OneAuth.  This feature comes with four modes of authentication to choose from:

  • Face ID / Touch ID

  • Push Notification

  • Scan QR Mode

  • Time-Based OTP

Additionally, you can choose to have a unique code generated by Google Authenticator sent to your mobile device via SMS or voice call. Refer to the Zoho OneAuth help guide to get a detailed explanation about the functionality of this app.

App Passwords

An app password is a 12-character passcode that gives an app permission to access your Zoho mail from various email clients (such as Microsoft Outlook, Mozilla Thunderbird, etc.).

If the email service you use faces a security breach, then your Zoho account will also be compromised. Using an app password will shield your Zoho account from a possible security breach. If you have enabled TFA for your account, you cannot use your password directly to access POP/IMAP email clients, Jabber clients, and standalone applications. In that case, it would be best if you use an app password to access those applications.

If TFA is not enabled, then you can use either your Zoho account password or an app password to access POP/IMAP email clients. However, we strongly recommend that you enable TFA. You can generate your app password in the App passwords section of your Zoho Account. 

Allowed IP addresses

If you frequently work with sensitive data, you can set up an authorized IP address range for your Zoho Account. Once configured, you can access your account only from that specific range of IP address. This will block any unsolicited access attempts made to your Zoho Accounts from any other IP address. The IP address you provide must be a static IP address and not a Dynamic IP address. A static IP address is an IP address that is configured to your device that remains unchanged, whereas dynamic IP address is provided by DHCP servers and can change with each session. If you use a Dynamic address, the next time you try to log into to your account, you might be locked out. To avoid this, please contact your internet service provider to get a static IP address. Visit our help guide to learn more about Allowed IP addresses.

Security Questions

Adding security questions to your account will help you retrieve your Zoho account if you forget your password or if you are locked out. Having another level of authentication is an excellent way to prevent unauthorized logins. An ideal security question is something that only you know the answer to. Some examples are a memorable day, your babysitter’s name, or the name of your favorite getaway. The answers to these questions need to be just as personal as your password. Set up your security questions in the Security tab of your Zoho account right away.

Apart from these steps, you can take additional security measures to your both personal and Zoho accounts through the following ways:

  • Avoid using personal information such as mobile numbers and credit card details on unsecured websites. Websites that do not include https may not be secure

  • Make sure to log out from your accounts on public computers and devices which don’t belong to you

  • Use advanced authentication methods like Face ID and biometric verification in TFA

  • Instead of storing all your passwords in your browser, we suggest using a password manager.  This way, your passwords will remain safe even if your browser is compromised.

SMS based TFA as a second factor for authentication provides an extra layer of security. However, there have been many incidents of hackers convincing mobile service providers to transfer a phone number, SIM card cloning, SMS network compromises, and SMS-capturing traps via phishing websites. Hence, using advanced authentication methods like a fingerprint or facial recognition will help to secure your account even more.

We hope these suggestions are helpful and provide you with additional security precautions. All of us at Zoho are here to support your growing business needs.

This site uses Akismet to reduce spam. Learn how your comment data is processed.