Zoho Mail Control Panel - Help

Two Factor Authentication (2 Step Verification)

Two Factor Authentication is an additional security process that secures your account with a combination of your password and a mobile device. This reduces the chance of your account being compromised and adds an extra layer of protection for your data.

How Two Factor Authentication works:

Login via Web:

Step 1: The user logs in with Username and Password.

Step 2: The user gets a secure code via SMS/Voice call or the mobile app linked with the account during setup.

Step 3: The user provides the secure code in the browser to access the account.
The user can choose to have the code remembered in that particular browser on that system for the next 45 days. If the user accesses the account from a different browser or a different system, the user needs to provide the code again.

Access via POP/ IMAP or Active Sync:

Step 1: The user generates an application specific password for each external application used.

Step 2: While configuring the Zoho account in the application, provide the 16 digit application specific password.

Step 3: Upon successful authentication, you will be able to access your account.

Application Specific Passwords never expire, so you need not update the password in the application even if your web password expires. You can revoke an application specific password from the TFA settings to block access for that particular application.

Two Factor Authentication for Organizations

As a security measure, you can mandate Two Factor Authentication (TFA) for the organization. All users must then use the additional security code to log in to their accounts. Hence, make sure that each user has access to a mobile device to get the secure code via SMS/Voice call or the mobile app with the QR code scan option.

  1. Log in to www.zoho.com/mail as Administrator
  2. Click Control Panel >> Dashboard >> Two Factor Authentication
  3. Select the option 'On' to enable and enforce Two Factor Authentication for all users in the organization.

During their next login, users will be asked to choose between the mobile number and QR code options to set up Two Factor Authentication. You can switch it back to Off to disable TFA for the entire organization. However, if TFA is already enabled for an account, it needs to be turned off by the user again.

Steps to Reset TFA for Users:

The administrator can reset TFA for users in case they lose access to the mobile device they used at the time of TFA activation.

  1. Log in to www.zoho.com/mail as Administrator
  2. Click Control Panel >> Mail Accounts >> Select the user
  3. Select Reset TFA for the user whose TFA you want to reset.
  4. The next time the user logs in, the user can set up TFA from the beginning, providing a new mobile number or Google Authenticator.

Steps to Enable/ Disable TFA for Users:

The administrator can enable or disable the TFA status for users from the Control Panel.

  1. Log in to http://www.zoho.com/mail as Super Admin
  2. Click Control Panel >> User Details
  3. Select Two Factor Authentication
  4. Select 'Enable' or 'Disable' to enable/disable Two Factor Authentication for the user.

Generating Application Specific Passwords

Users need to generate and use an application specific password when accessing the email account via POP/IMAP or Active Sync, if Two Factor Authentication is enabled for the account.

Steps to generate Application Specific Passwords:

  1. Log in to http://www.zoho.com/mail as user
  2. Click the My Account link at the top to view Zoho Accounts
  3. Select Two Factor Authentication >> Manage Application specific passwords.
  4. Provide the device name and your current web login password on the page. The device name is just a reference name that lets you verify or revoke the password in the future.
  5. Select 'Generate' to view the application specific password.
  6. The device specific password will be displayed only once and will not be displayed again.
  7. Enter the password in the device without any spaces.
  8. You can select the Show generated passwords link to view the generation times and device names of past passwords.
  9. You can revoke any password if you no longer use the device or want to remove access for the application.
