With over 8 Million users working online on our services, ensuring information security is an important priority for us. Your Zoho.com account is the entry point for a bunch of collaboration, productivity and business apps from Zoho that not only help run your business, but also hold your data. Obviously, you would want to keep that entry point safe.

zoho-two-factor-authentication1

Keeping this in mind, we have added support for two step authentication to get into your Zoho account. In this age of phishing attacks and identity thefts, relying on login password alone does not guarantee security. No matter how strong or complex your primary password might be, your account stands the risk of a breach if your password happens to fall into the wrong hands.

Two Factor Authentication (TFA) provides an additional layer of security around your account. As it requires two successive factors – ‘something you know’ (your password) and ‘something you have access to’ (your mobile phone, for example), it helps greatly reduce account compromises due to phishing attacks and other online frauds.

Once TFA is enabled, you need to first login to your Zoho account with usual credentials. You will then receive a uniquely generated verification code to your phone either as a voice call or as an SMS text, which you should attend/enter to complete the login process. Alternatively, you can use the Google Authenticator app on your smart phones to generate the second factor code.

Immediately available 

TFA is immediately available to all the users of Zoho and setting it up is quite straightforward. Access https://accounts.zoho.com/ and navigate to ‘Two Factor Authentication’ section and then follow the instructions available to carry out the set up process. If your Zoho account is part of ‘Zoho Business Organization’, the TFA can  be enforced / controlled only by the organization administrator.

Optional, but highly recommended 

Two Factor Authentication is completely optional. But, from security standpoint it is highly recommended. Security benefits of TFA far outweigh the minor inconvenience of having to authenticate through two successive stages.

More information on TFA

Application-specific passwords

For certain non-browser based applications such as POP/IMAP mail clients (Outlook, Thunderbird, IPhone, Android mails), Jabber Chat clients, Plug-Ins, ActiveSync, etc. the TFA implementation does not work. To access your account using these applications, you need to generate unique passwords for each application (in other words, application-specific passwords). The application-specific password has to be entered in the password field of your application instead of your regular account password. You can find more information in this section of our TFA documentation.

If you lose your mobile phone …

Since the second factor of authentication depends on your mobile phone, if you happen to lose your phone, you’ll lose access to Zoho account too. To circumvent this, we have given provision to generate backup codes. To make sure you’re never locked out of your Zoho account, you can generate ‘one time’ backup codes when you enable two-factor authentication. We suggest that you print the backup codes and keep them in a secure place. You can generate backup codes from  https://accounts.zoho.com >> Two-Factor Authentication page.

In addition, you can add backup phone numbers to which verification codes could be sent in case your primary phone is not available. More information on backup provisions is available in this section.

Disabling TFA

We don’t recommend disabling TFA as it takes away the extra layer of security. However, if there is a pressing need, you can disable TFA for your account from https://accounts.zoho.com >> Two Factor Authentication page. Click the “Disable” link in this page to disable TFA for your account. As mentioned earlier, if your Zoho account is part of ‘Zoho Business Organization’, TFA can be disabled only by the organization administrator.

We invite you to try two factor authentication to secure your account right away.

  1. s

    welL I am using zoho since my computer was under attack many times from illegal groups. So..

    The issue is if your mobile phone is compromised (wiretapped, text being read ) this feature doesn’t mean anything.

    The best recommandation for Zoho would be setting up a feature which limits device that can access the account!!!! that would be the best

  2. vishram Ramakant Parab

    Hi .
    Change of Mobile no from 8879828337 & now I am using new mobile no 8451077544.I want to changing the same to replacement of old mobile no for getting verification code.Please advice in brief. Your kind co-operation against this matter will very much appreciated.Awaiting for your early response.

    With Warm Regards,

    Vishram R.Parab

  3. Katie Nankivell

    Hi,

    I have the Google authentication set up. However find it is really annoying.

    How can i deactivate this feature?

    Thanks,

    Katie