Steps to secure your Zoho Account

Zoho Accounts | February 3, 2019 | 4 min read

From ordering food directly from an app, to quickly fix a doctor’s appointment online, the internet is helping businesses run efficiently. On the other hand, internet security has become an increased concern for individuals and companies alike. At Zoho, our top priority is the success and security of your business. Here are the steps we suggest to provide increased security for your Zoho Account.

Strong Password

Use a strong and unique password for your Zoho account. This will significantly reduce the risk of your account being compromised. Check out this article on common mistakes when choosing a password from Business Insider and make sure you follow the below guidelines:

  • Passwords cannot be the same as your username

  • Password length should be no less than eight characters and no more than 250 characters

  • Passwords should contain at least one special character and one number

  • Passwords should contain both uppercase and lowercase letters

Regularly changing your passwords will also reduce the risk of being hacked. Avoid any previously used passwords for increased protection.

Two-Factor Authentication

Two-Factor Authentication is an additional identity verification step that boosts your account security. By enabling TFA, you will add an extra layer of protection to your account. Besides entering your login credentials, you will be asked to verify your identity by providing a biometric Face ID or Touch ID. Additionally, you can confirm login via a notification, or have a one-time verification code sent to your mobile device. We highly recommend adding these additional security measures for increased account security.

To enable Two-Factor Authentication, we offer an industry standard authentication application called Zoho OneAuth.  This feature comes with four modes of authentication to choose from:

  • Face ID / Touch ID

  • Push Notification

  • Scan QR Mode

  • Time-Based OTP

Additionally, you can choose to have a unique code generated by Google Authenticator sent to your mobile device via SMS or voice call. Refer to the Zoho OneAuth help guide to get a detailed explanation about the functionality of this app.

App Passwords

An app password is a 12-character passcode that gives an app permission to access your Zoho mail from various email clients (such as Microsoft Outlook, Mozilla Thunderbird, etc.).

If the email service you use faces a security breach, then your Zoho account will also be compromised. Using an app password will shield your Zoho account from a possible security breach. If you have enabled TFA for your account, you cannot use your password directly to access POP/IMAP email clients, Jabber clients, and standalone applications. In that case, it would be best if you use an app password to access those applications.

If TFA is not enabled, then you can use either your Zoho account password or an app password to access POP/IMAP email clients. However, we strongly recommend that you enable TFA. You can generate your app password in the App passwords section of your Zoho Account. 

Allowed IP addresses

If you frequently work with sensitive data, you can set up an authorized IP address range for your Zoho Account. Once configured, you can access your account only from that specific range of IP address. This will block any unsolicited access attempts made to your Zoho Accounts from any other IP address. The IP address you provide must be a static IP address and not a Dynamic IP address. A static IP address is an IP address that is configured to your device that remains unchanged, whereas dynamic IP address is provided by DHCP servers and can change with each session. If you use a Dynamic address, the next time you try to log into to your account, you might be locked out. To avoid this, please contact your internet service provider to get a static IP address. Visit our help guide to learn more about Allowed IP addresses.

Security Questions

Adding security questions to your account will help you retrieve your Zoho account if you forget your password or if you are locked out. Having another level of authentication is an excellent way to prevent unauthorized logins. An ideal security question is something that only you know the answer to. Some examples are a memorable day, your babysitter’s name, or the name of your favorite getaway. The answers to these questions need to be just as personal as your password. Set up your security questions in the Security tab of your Zoho account right away.

Apart from these steps, you can take additional security measures to your both personal and Zoho accounts through the following ways:

  • Avoid using personal information such as mobile numbers and credit card details on unsecured websites. Websites that do not include https may not be secure

  • Make sure to log out from your accounts on public computers and devices which don’t belong to you

  • Use advanced authentication methods like Face ID and biometric verification in TFA

  • Instead of storing all your passwords in your browser, we suggest using a password manager.  This way, your passwords will remain safe even if your browser is compromised.

SMS based TFA as a second factor for authentication provides an extra layer of security. However, there have been many incidents of hackers convincing mobile service providers to transfer a phone number, SIM card cloning, SMS network compromises, and SMS-capturing traps via phishing websites. Hence, using advanced authentication methods like a fingerprint or facial recognition will help to secure your account even more.

We hope these suggestions are helpful and provide you with additional security precautions. All of us at Zoho are here to support your growing business needs.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. Sharon Donnelly

    It doesn’t seem to want my Primary Zoho phone # and # to use for authentication to be the same phone # – but I only have one phone #. Is there a way around this?

  2. Tim

    Thanks

  3. Fikri Abdelhalim

    Je n’arrive pas a me connecter a mon compte crm!?

  4. MAYA

    Safe and reliable.

  5. Jitendra Sahu

    Please locked open

  6. Ben Morton

    To give you candid feedback:
    1) the constant having to sign in to my acct is very annoying – & certainly is far more often than once per month
    2) This is my own laptop which I use every day, so to get a message saying “we have detected a new login from a different device” etc is ridiculous

    • Kaavian Sivam

      Hello Ben!

      To resolve your first issue, you can trust the browser you’re using to sign in to your Zoho account. You can learn about trusted browser here Trusted Browesers

      And about your second issue, we send the new sign-in alert only when we detect a new device. This is for your security purpose and to safeguard your account.

      • Sharon Donnelly

        This second part does not seem to be true – I too get this email when using the same computer I always do, this occurs when you all log me out and try to make me go through to add 2 factor authentication* and when I final figure out how to get out of that I have this message eve though I am using same computer I always do. (*which it never lets me complete as it says my cell # already exists and it does because it’s my Prime # in zoho – but it is my only phone # and your system seems to want two different ones)

  7. Benjamin B Keyes, PhD, EdD

    Someone got into the account before I did this morning. What should I do about this as this is the first time I am into the account.

    • Kaavian Sivam

      Hello Benjamin!
      I’m sorry to hear that. In order to recover your compromised account, you can try to reset your password. Also please notify us about the issue by sending an email to support@zohoaccounts.com for us to investigate the issue further.
      To improve the security of your Zoho account you can also try enabling Multi-factor Authentication. You can read about it here.

  8. Stephen firestone

    Kaavian, how can I reach you ?
    You helped me months ago and I again have a problem

    Steve Firestone

  9. Paisarn@usam.co.th

    I want to change my password.what should I do

    • Kaavian Sivam

      Hi Paisarn,

      To change your Zoho account password,
      1. Sign in to your Zoho accounts
      2. Click Security, then Change Password.

      To reset your password, click Forgot Password? link during signing in.

  10. Danny degaris

    I will use your suggestions thank you

  11. festus ojiezele

    i need help in activating my account

  12. Shirl

    Please undo this; this was an accidental click and I do not need a Zoho account right now. Thank you very much.

  13. jerry ford

    This quote keeps coming up when I try to send a message from Jerry@fordcanyon.com
    “An error occurred while trying to sign this message with a certificate from “jerry@fordcanyon.com”. Verify that your certificate for this address is correct, and that its private key is in your keychain.” How do I fix this?

  14. Aniz Bajracharya

    The article is very appreciated because it helped me a lot to secure Zoho Account. At first I had a bit problem for signing the Zoho Account as the risk in my account was occurred regarding common mistakes when choosing a password was frequent. With the help of your article my problem was solved. To boosts up my account security, i used two factor authentication with the help of your guide for the protection to my account. I literally didn’t knew about the App Passwords so I followed your words and I was able to add password in app which made my account even more secure. Instead of storing all my passwords in the browser, I have used a password manager for safe even if my browser is compromised as per you suggestion. I have even shared this article to my technical friends as this article is satisfying and if any problem arise in the future.
    I have written an article to login Zoho Email .Please have a look at it.
    http://mail-logins.net/zoho-email-login-and-reset-steps/

    • Kaavian Sivam

      Hello Aniz!
      Thank you for your kind response. I’m glad to hear that we have solved your problem. Keep using Zoho products and we’re looking forward to your contributions.

  15. Julian Gower

    Dear Kaavian Sivam & colleagues,
    I do not use a mobile phone for my online activities, using only a PC for my Zoho account. All your new 2nd security steps seem to require a mobile phone, which I do not wish to use for anything to do with money, online accounts or email addresses, etc.
    Nobody has access to my home computer and it is well protected and has excellent antivirus and other security measures which have never been breached.
    Accordingly, I trust I can continue using my Zoho services currently used without the extra risk of using a mobile phone.
    I look forward to your advice/response.
    Yours sincerely –

    • Kaavian Sivam

      Hello Julian!
      Sorry, we missed your comment.

      I understand that you don’t wish to use your mobile number for any kind of authentication purposes. We are now supporting YubiKey based authentication. YubiKey is a physical key used for authentication purpose. You can read more about the YubiKey here.

  16. JUAN IGNACIO PILONI

    Buenas tardes no recuerdo mi contraseña, que pasos debo seguir para recuperar mi cuenta?

    • Kaavian Sivam

      Hola juan,
      Lo sentimos, perdimos tu comentario.
      Para recuperar tu cuenta,
      1. Puede restablecer su contraseña usando ¿Olvidó su contraseña? enlace durante el inicio de sesión
      2. Si ya ha descargado códigos de verificación de respaldo, puede usarlos para recuperar su cuenta. Consulte este documento para obtener información sobre cómo utilizar los códigos de verificación de respaldo. Backup verification codes
      3. Si aún no puede recuperar su cuenta de Zoho, envíe un correo electrónico a support@zohoaccounts.com

  17. dennis

    I did this its ok thanks

  18. jyoti jaiswara

    I want to reset my password.

  19. jorge armando sulub ceballos

    no puedeo traducir a español la pagina, me pide intentarlo mas tarde, ya lo intente 8 veces y nada que pasa?? necesito ayuda por favor

  20. Rakesh B V

    Zoho saves my time and gives best protection to my zoho account

  21. Pankaj Gandhi

    its to good

  22. Rakesh B V

    Thank you for your zoho service

  23. Rakesh B V

    Helps us to get better