OneAuth has been officially reimagined to suit your workforce! Since its launch in 2018, OneAuth has secured thousands of Zoho accounts and has effectively kept bad actors such as hackers and identity thieves at bay. As technology has advanced, OneAuth also evolved in order to shield your accounts better. In this new update, we've improved the existing system and introduced new multi-factor authentication (MFA) modes, easy recovery modes, and long-awaited multi-account support. Let's dive in to learn more!
Passwordless authentication - security at its finest
Let's be honest. Passwords are hard to remember, especially when you're changing them often. As a result, many people rely on the same, easy-to-recall passwords for years, and this leaves their accounts vulnerable. According to Verizon's Data Breach Investigations Report (DBIR), 80% of security breaches are tied to weak passwords. Hackers often steal passwords of generally unaware online users through phishing or other exploitative methods, publishing them on the Internet or even sell them to nefarious parties. At Zoho, we protect you with the Breached passwords check, which prevents you from reusing such exposed passwords. However, we have also thought of providing a passwordless sign-in option that will save your time and protect you from cyber threats by removing passwords from the equation altogether.
OneAuth's passwordless MFA lets you access your Zoho account with just a tap. Coupled with biometric authentication such as fingerprint authorization or face ID, it's faster and safer than a password-based MFA.
OTP authenticator - MFA for all accounts
As working from home has become the new normal in many cases, securing your online accounts is now more imperative than ever. OneAuth has transitioned from just protecting your Zoho account to securing all your online accounts that support two-factor authentication. OneAuth's built-in OTP authenticator allows you to configure MFA for your personal accounts like Facebook, Twitter, Microsoft, and more.
Backup and sync - Never lose your codes
OneAuth's OTP authenticator comes with a backup and sync option. You can back up your OTP secrets to the Zoho cloud. Whenever you reinstall the app or install it on a new device, you can restore those secrets from the cloud. Zoho can't view your secrets as they will be stored in an encrypted format using a passphrase you set. It's important to note that you will not be able to recover your secrets without your passphrase.
So what is a passphrase?
Easy recovery modes - You said it, we heard it
We agree that the recovery system of OneAuth had some issues, so we've given it a complete overhaul.
"The app is asking for an OTP from OneAuth to set up OneAuth."
This was a common complaint by many of our users. When you try to reinstall the OneAuth app, or if you lost or upgraded the OneAuth installed device, you may have experienced this unending loop. Unless you had the backup codes in your hand, you would have had to contact our support to access your account. To avoid these scenarios, we have come up with better recovery modes for OneAuth: The passphrase.
A passphrase is a backup password that helps you regain access to your OneAuth app. Set up and use your passphrase whenever you are unable to verify your identity through the other OneAuth MFA modes. Additionally, you can restore your OneAuth app using backup numbers. When you sign in to the app, make sure you enable these recovery options immediately so they are available when you need them.
Multi-account support - A long awaited feature
Many of you might have two or more Zoho accounts for your business. The OneAuth app will now let you sign in to multiple Zoho accounts and switch between them easily. With this new update, you can enjoy a seamless single sign-on (SSO) experience for all of your Zoho accounts.
Alternate authentication - Online and offline
There may be times when you end up being connected to the slow internet, especially when you're traveling. On such occasions, you may not be able to receive push notifications from OneAuth to help you sign in. For those situations, OneAuth now lets you switch between authentication modes. OneAuth's alternate authentication allows you to either enter the OTP or scan the QR code to verify yourself when you sign in.
Apart from these new features, the updated OneAuth still has its core functions such as mobile SSO, multi-device support, devices, and sessions management.