Two factor authentication is an additional security process that secures your account through a combination of your password and a mobile device. This reduces the chance of your account being hacked into and protects your data with extra security measures.
Step 1: The user logs in with username and password.
Step 2: The user gets a secure code via SMS/Voice call or the mobile app linked with the account during setup.
Step 3: The user provides the secure code in the browser to access the account.
The user can choose to have the code remembered in that particular browser on that system for the next 45 days. If the user accesses the account from a different browser or a different system, the user needs to provide the code again.
Step 1: The user generates an application-specific password for each external application used.
Step 2: During the configuration of the Zoho account in the application, provide the 16 digit application-specific password.
Step 3: Upon successful authentication, you will be able to access your account.
Application Specific Passwords never expire, so you need not update the password in the application even if your web password expires. You can revoke an application-specific password from the TFA settings to block access for that particular application.
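The behaviour described above, as an added illustration that is not Zoho's implementation: one password per external application, stored only as a salted hash, checked independently of the web password, and revocable per application. The class name, application labels, character set and PBKDF2 parameters are assumptions; only the length of 16 comes from this page.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed character set
LENGTH = 16                                        # length stated on this page
ITERATIONS = 100_000                               # assumed PBKDF2 work factor


class AppPasswordStore:
    """Hypothetical server-side model of application-specific passwords."""

    def __init__(self):
        # (user, app_label) -> (salt, digest). The plaintext is never stored,
        # and no expiry is recorded: entries live until they are revoked.
        self._entries = {}

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def generate(self, user, app_label):
        """Create the password for one external application (shown once)."""
        password = "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))
        salt = secrets.token_bytes(16)
        self._entries[(user, app_label)] = (salt, self._digest(password, salt))
        return password

    def verify(self, user, presented):
        """Return the label of the matching application, or None.

        The web password is not consulted, so its expiry has no effect here.
        """
        for (owner, app_label), (salt, digest) in self._entries.items():
            if owner != user:
                continue
            # Constant-time comparison of the stored and recomputed digests.
            if hmac.compare_digest(digest, self._digest(presented, salt)):
                return app_label
        return None

    def revoke(self, user, app_label):
        """Remove one application's password; the others keep working."""
        return self._entries.pop((user, app_label), None) is not None
```

Because each application has its own entry, revoking the password of a lost or retired client cuts off only that client, and a successful login can be attributed to a specific application in audit logs.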
As a security measure, you can mandate Two Factor Authentication (TFA) for the organization. All users must then use the additional security code to log in to their accounts. Hence, make sure that each user has access to a mobile device to get the secure code via SMS/Voice call or the mobile app with the QR code scan option.
During their next login, users will be asked to choose between the mobile number and QR code options to set up Two Factor Authentication. You can switch it back to Off to disable TFA for the entire organization. However, if TFA is already enabled for an account, the user needs to turn it off again for that account.
The administrator can reset TFA for users if they have lost access to the mobile device they used at the time of TFA activation.
The administrator can enable or disable the TFA status for users from the Control Panel.
If Two Factor Authentication is enabled for the account, users need to generate and use an application-specific password when accessing the email account via POP/IMAP or Active Sync.
Steps to generate Application Specific Passwords: