Deprecation of SMS-based multi-factor authentication (MFA) mode - Zoho Security

Deprecation of SMS-based multi-factor authentication (MFA) mode - Zoho Security

Overview of SMS-based OTP MFA mode 

The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account.

SMS-based OTPs offer convenience due to their accessibility; nearly everyone possesses a mobile phone and SMS-based OTPs arrive quickly, allowing for easy and secure authentication.

However, there are some other considerations and security risks that make the SMS-based OTP one of the least preferable options for multi-factor authentication. Hence, we’ve decided to deprecate it as an MFA mode.

Reasons for deprecation 

SMS-based OTPs are susceptible to various attacks, including phishing, SIM swapping, and signaling system 7.

Phishing attack: Scammers send fake messages with links to websites that resemble our sign-in page. For example:
They trick you into entering your login details and OTPs. If you do, scammers can access your account, putting your personal information and security at risk.

SIM swapping: By knowing your phone number, a scammer can contact your telecom provider's customer service and request to transfer your phone number to a new SIM card, giving them access to your accounts and personal data without your consent.

Signaling system 7 attack: A hacker can spy on you via the cell phone signaling system, where they can listen to calls, intercept text messages, and track your phone's location, leading to serious security risks.

Considering the security threats in SMS-based OTPs and the guidelines on implementing phishing-resistant MFA given by the Cybersecurity & Infrastructure Security Agency (CISA) of the United States government, we deprecated the SMS-based OTP MFA mode.

➤ Current status
     Deprecation of SMS-based OTP MFA mode for all users who signed up after January 1, 2024.

➤ Upcoming plan
     Migration of existing users and organizations currently enforcing SMS-based OTP MFA to alternate MFA modes.  

Alternate MFA modes

If you’re an organization admin, you can set up a different MFA mode for your organization in the security policies. If you’re a personal user, you can go to the multi-factor authentication section at accounts.zoho.com and set up any of the MFA modes described below.
  • OneAuth (recommended)
    Zoho OneAuth is a multi-factor authentication app that you can use to secure your Zoho account as well as third-party accounts, including Google, Facebook, and Microsoft. With OneAuth, you can set up any of the three authentication modes: push notifications, time-based OTPs, and QR codes.

  • OTP authenticator
    OTP authenticators are apps you can use to set up MFA for your account. These apps generate new OTPs in duration you set, which you can use to sign in to your account.
    Learn how to set up an OTP authenticator.

  • Security key
    A security key is a hardware device that you link to your account to enable multi-factor authentication. Once linked, you'll need to use this key each time you sign in to verify your identity.
    Learn how to set up the security key.
If you have any questions, please write to us at support@zohoaccounts.com.

    Access your files securely from anywhere

          Zoho Developer Community




                                    Zoho Desk Resources

                                    • Desk Community Learning Series


                                    • Digest


                                    • Functions


                                    • Meetups


                                    • Kbase


                                    • Resources


                                    • Glossary


                                    • Desk Marketplace


                                    • MVP Corner


                                    • Word of the Day



                                        Zoho Marketing Automation
                                                • Sticky Posts

                                                • Deprecation of SMS-based multi-factor authentication (MFA) mode

                                                  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer


                                                Manage your brands on social media



                                                      Zoho TeamInbox Resources

                                                        Zoho DataPrep Resources



                                                          Zoho CRM Plus Resources

                                                            Zoho Books Resources


                                                              Zoho Subscriptions Resources

                                                                Zoho Projects Resources


                                                                  Zoho Sprints Resources


                                                                    Qntrl Resources


                                                                      Zoho Creator Resources



                                                                          Zoho Campaigns Resources


                                                                            Zoho CRM Resources

                                                                            • CRM Community Learning Series

                                                                              CRM Community Learning Series


                                                                            • Kaizen

                                                                              Kaizen

                                                                            • Functions

                                                                              Functions

                                                                            • Meetups

                                                                              Meetups

                                                                            • Kbase

                                                                              Kbase

                                                                            • Resources

                                                                              Resources

                                                                            • Digest

                                                                              Digest

                                                                            • CRM Marketplace

                                                                              CRM Marketplace

                                                                            • MVP Corner

                                                                              MVP Corner





                                                                                Design. Discuss. Deliver.

                                                                                Create visually engaging stories with Zoho Show.

                                                                                Get Started Now


                                                                                  Zoho Show Resources


                                                                                    Zoho Writer Writer

                                                                                    Get Started. Write Away!

                                                                                    Writer is a powerful online word processor, designed for collaborative work.

                                                                                      Zoho CRM コンテンツ






                                                                                        Nederlandse Hulpbronnen


                                                                                            ご検討中の方





                                                                                                  • Recent Topics

                                                                                                  • Sort mail by name and subject

                                                                                                    I don't see sort function on columns FROM and Subject. I see only sort functio by date. Could add it ?
                                                                                                  • Zoho Creator monthly roundup - September 2024

                                                                                                    Hello all, We're back with an exciting set of new features and enhancements that will elevate your Creator experience even further. In case you missed it, we’ve recently revamped our Product Roadmap page, now with a refreshed design and showcasing all
                                                                                                  • Kiosk Studio Session #1: View paid customers in the same industry

                                                                                                    Update | 15 Oct 2024: Session #2 is now available here! Hello everyone! We're excited to launch our new series of posts on Kiosk Studio today. Called Kiosk Studio Sessions , these posts will be packed with actionable ideas to help you get the most out
                                                                                                  • Issues hosting Zoho Desk Web Form on SharePoint and/or Power BI

                                                                                                    Zoho Desk onboarding support has no experience with embedding their web form in either SharePoint or Power BI. Microsoft states that SharePoint and Power BI only support iframe HTML. And unfortunately, the web form embed code that Zoho generates is not
                                                                                                  • "Send with Zoho Sign" broken

                                                                                                    Our company uses hyphens in our file name conventions. Our users have been sending the files from other modules with the "Send with Zoho Sign" shortcut in the upper right buttons. Since around June 10, 2024, this stopped working. Our users can send the
                                                                                                  • Not able to change colors help center

                                                                                                    Hi. How can I change the orange color in the help center? You can change everything besides this font color And how can I remove the part on the bottom?
                                                                                                  • Transform Numeric Values using st, nd, rd, th or Convert Numerals to Ordinal Form - Deluge

                                                                                                    Please Use this sample Code This_Day_Date = zoho.currentdate.toString("dd"); value1 = "th"; if(This_Day_Date.right(1) ="1" && This_Day_Date != "11") { This_Day_Date = This_Day_Date+" "+"st"; } else if ( This_Day_Date.right(1) = "2" && This_Day_Date !=
                                                                                                  • Kaizen #166 - Handling Query Variables in Zoho CRM

                                                                                                    Hello, Code Enthusiasts! Welcome to another week of Kaizen! This week, we'll dive into handling variables in Zoho CRM Queries and see how they can be deployed in Kiosk to dynamically retrieve data. This technique is especially useful for integrating data
                                                                                                  • Automate User Invitations on Zoho Desk with API

                                                                                                    Automate User Invitations on Zoho Desk with API Hello Team, We are excited to announce that you can now automatically invite users to the Zoho Desk portal using the API! ### How It Works For example, when a contact is created in Zoho Desk and you enable
                                                                                                  • Is there a way to add clients who don't have organisation in Zoho Books/Payroll/Expense ?

                                                                                                    The Zoho Practice software is only allowing a total of 15 such clients who are not organisations in Zoho Books/Payroll/Expense. i.e. 5 organisation in each of the software by creating a new organization for them and adding the accountant as the admin
                                                                                                  • Email with attachments saving attachments into Zoho CRM from Zoho Mail

                                                                                                    Hi, I get a lot of emails from prospective clients asking if we would bid their project. Those projects usually have many documents associated with them that I link to.  I would like to have those documents be saved as an attachment in my Potential or Contact or Account. I don't see a way to do that that isn't multi-step. As of now I do the following: 1.) Open email 2.) If email sender isn't in my Zoho CRM database I enter them creating a Potential 3.) I download the attachment and save it to a different
                                                                                                  • Fixed assets recording

                                                                                                    Hello there, I recorded a bill for a vendor contain (Computer) so the PC is a fixed assets, do I need to do a manual journal to include this PC under the fixed assets category (furniture & equipment)? If yes, please take me through the manual journal
                                                                                                  • Multi-Select lookup field has reached its maximum??

                                                                                                    Hi there, I want to create a multi-select lookup field in a module but I can't select the model I want the relationship to be with from the list. From the help page on this I see that you can only create a max of 2 relationships per module? Is that true?
                                                                                                  • Zoho Sheet-Pulling in Data

                                                                                                    I have a module where we track POs, Bills etc (its easier for us this way). In this PO Module, we have a task related to a Job/Deal and various fields for costs. A Supplier on a Job might have several POs in this module for the job. I want to generate
                                                                                                  • Can't get ZFS file ID of a field via specific module record

                                                                                                    I have a `fileupload` field on a custom module that I need to replace the file for but I don't know how to get the ZFS ID from the module record. # Getting the current fileupload GET https://www.zohoapis.eu/crm/v7/<MODULE>/<ID> # Response { data: [{ //
                                                                                                  • Contemplating moving my site from WordPress to Zoho Sites

                                                                                                    Hi Everyone, We currently find ourselves in a situation where we ant to review and update our current sites content. We are small business owners, not developers. We currently use a wide range of Zoho products. We sometimes think about the possibility of either moving or just starting from scratch on Zoho Sites. I would like to know if anyone has done this and of course the things that need to be considered. We have spent quite a bit of time getting our current site positioned organically and I guess
                                                                                                  • Multiple Salesperson against an invoice

                                                                                                    Hello, Against a particular invoice, we have multiple sales people working. The reason we combine the invoice is becuase we are an exporter and often consolidate cargo for our customer to save them freight costs. How do I capture the contribution of each
                                                                                                  • Allow a brand to connect multiple facebook pages at the same time

                                                                                                    Our company have multiple facebook pages to represent, every branch, right now we can only link one facebook page, so we can only recive messages from one branch. It would be nice to be able to connect all pages.
                                                                                                  • 5名限定 課題解決型ワークショップイベント Zoho ワークアウト開催のお知らせ (12/19)

                                                                                                    ユーザーの皆さま、こんにちは。Zoho ユーザーコミュニティチームの藤澤です。 12月開催のZoho ワークアウトについてお知らせします。 ※定員に達したため、受付を終了しました。 ━━━━━━━━━━━━━━━━━━━━━━━━ Zoho ワークアウトとは? Zoho ユーザー同士で交流しながら、サービスに関する疑問や不明点の解消を目的とした「Zoho ワークアウト」を開催します。 Zoho サービスで完了させたい設定やカスタマイズ、環境の整備など……各自で決めた目標達成に向け、 他の参加者と同じ空間で作業を行うイベントです。先輩ユーザーや他の参加者と意見交換をしながら集中して作業に取り組むことが可能です。
                                                                                                  • Whatsapp reply not reflected under Tickets for offline agent

                                                                                                    Hi, We are encountering a situation where WA response from customer is not reflected under tickets (if the agent handling the case previously is not active due to off day/ MC). The ticket will remain in the offline agent's queue until agent is back to
                                                                                                  • Missing Folders on iPhone Zoho Mail

                                                                                                    Under mailboxes on my iPhone, I don't have an inbox, sent folder, deleted photo, etc. See pics.
                                                                                                  • Select CRM Custom Module in Zoho Creator

                                                                                                    I have a custom module added in Zoho CRM that I would like to link in Zoho creator.  When I add the Zoho CRM field it does not show the new module.  Is this possible?  Do i need to change something in CRM to make it accesible in Creator?
                                                                                                  • Send Whatsapp with API including custom placeholders

                                                                                                    Is is possible to initiate a session on whatsapp IM channel with a template that includes params (placeholders) that are passed on the API call? This is very usefull to send a Utility message for a transactional notification including an order number
                                                                                                  • Increase Round Robin Scheduler Frequency in Zoho Desk

                                                                                                    Dear Zoho Desk Team, We hope this message finds you well. We would like to request an enhancement to the Round Robin Scheduler in Zoho Desk to better address ticket assignment efficiency. Current Behavior At present, the Round Robin Scheduler operates
                                                                                                  • Separate One-Time Mentions from Ongoing Ticket Following in Zoho Desk

                                                                                                    Dear Zoho Desk Support Team, We are writing to request an enhancement to the mention functionality within Zoho Desk. Currently, when an agent is mentioned in a ticket, they receive notifications for all subsequent activity on that ticket, similar to being
                                                                                                  • Mass update Accounts in Zoho Desk

                                                                                                    We used the integration feature to bring in all of our accounts from Zoho CRM. While all of the names and links are in place, on the Zoho Desk side the email, phone, website, and address fields are blank. By going into each account I can select "Update
                                                                                                  • Vivaldi will not open the Zoho Mail app when I click a email link in the browser

                                                                                                    I'm running Vivaldi on Arch with the Plasma desktop and have under default applications Zoho Mail set as my default email client. Whenever I click a email link in Vivaldi I get the below when it should be launching Zoho. Any ideas on rectifying this issue?
                                                                                                  • Digital publisher

                                                                                                    Kinetic Digital Publisher provides comprehensive digital publishing services, including eBook creation, formatting, cover design, and marketing. We help authors publish and promote their work across online platforms with ease.
                                                                                                  • Time Zone Correction with Daylight Savings Time

                                                                                                    Hey, I'm writing a series of reports where the source data is synced from an external source which stores the date/time information in GMT, but I want the reports to be in local time. Now, I understand there is the CONVERT_TZ function which allows me
                                                                                                  • Load form in iframe without header

                                                                                                    I am trying to load a form into an iframe without the header, but I am not having any luck. I am using openUrl() to load the iframe with the form URL and zc_Header set to false, e.g. #Form:Add_Case?zc_Header=false but it is still loading the header. Any
                                                                                                  • Filter embedded report

                                                                                                    How to filter embedded report in a page, below code is not working. dateField => startDate & dateField=< endDate The report should print on page containing records from startDate to endDate. params='zc_Header=true&amp;Service_Date__gte=<%=startDate%>&amp;Service_Date__lte=<%=endDate%>'
                                                                                                  • Creator Simplified #5: Set file upload restrictions in Zoho Creator

                                                                                                    Hey Creators, Welcome to the next post in the Creator Simplified series. Today, we’ll explore how to implement file upload restrictions to limit user submissions to specific file types. By implementing an allowed list for file uploads, you can optimize
                                                                                                  • Field Type: Address, Change District/State to Dropdown with picklist??

                                                                                                    Using the Address Field type, is there a way to make the District/State field be a dropdown with a picklist so the users can select rather than type the state name every time? I know this can be done if I use a drowdown field for the State (or entire address information), but that isn't as tidy as using the address field type. I apologize if this is a duplicate. I posted this question the other day, or so I though. Can't find that post.
                                                                                                  • cutomized fields are not showing up in zoho creator from zoho crm

                                                                                                    We have customized fields in zoho crm under accounts module like "Last production upgrade" --> This field is a date. When created a solution in zoho creator i couldn't find any of the customized fields. Would you please help me on this matter? Thanks
                                                                                                  • How to Add Bulk Data in Zoho Creator Forms Using Deluge Without Exceeding Execution Time Limit

                                                                                                    I have a database form with a column named 'Product Name' containing 8000 values in a Zoho Creator form. In another form named 'Returns Data,' I have a column with the same name, 'Product Name.' How do I add these 8000 values to the 'Returns Data' form
                                                                                                  • Open New Free Zoho Account

                                                                                                    Hi Team, Do you guys offer a free email hosting? I do have a domain already. If yes, what is the process to open the new account? Thanks,
                                                                                                  • 554 5.7.1 : Recipient address rejected: user info@intimspace.de does not exist

                                                                                                    554 5.7.1 : Адрес получателя отклонен: пользователь info@intimspace.de не существует I can't send an email to Google at info@intimspace.de. An error comes. I entered everything correctly in DNS https://zohomail.tools/#domainDetails/intimspace.de/ALL
                                                                                                  • Emails going back unread

                                                                                                    Hi all, When in Zoho mail - when I recieve a new mail it puts back all emails read that day back to unread - I then have to go back through and open all emails I have already read! Gets very annoying... Any idea on the bug fix?
                                                                                                  • Been getting this error, every now and then "Get count limit exceeded, please try again after 3 mins"

                                                                                                    it is really annoying.
                                                                                                  • Constraints on Tasks

                                                                                                    We have a use case where we have certain fixed date tasks and need to schedule predecessor tasks around these. Predecessor tasks need to be completed with a lag before the fixed date. We should be able to schedule the start and end date for predecessor
                                                                                                  • Next Page