Introduction to multi-factor authentication (MFA)
Multi-factor authentication is used as an extra layer of security
while signing in to your account. When you enable MFA, all your future
sign-ins will require you to verify your identity to ensure that your
account isn't accessed by unknown users. You can do this by enabling an
MFA mode for your account. For example, if you enable SMS-based OTP, an
OTP will be sent to your mobile number, which then needs to be entered
when you sign in, thus ensuring that your account stays protected.
MFA modes
Zoho provides four MFA modes to choose from:
- OneAuth
OneAuth is an industry standard multi-factor authentication app built by Zoho. It offers the following features: - MFA for multiple Zoho accounts
- Passwordless sign-in
- Mobile SSO
- OTP authenticator for non-Zoho accounts
- Easy backup and recovery
- SMS-based OTP
When you set SMS-based OTP as your MFA mode, a short-lived, single-use authentication code is sent to your mobile device as an SMS message, which you can use to verify your identity during sign-in.
Learn more
Note: For users who registered after January 1, 2024, SMS-based OTP won't be provided as an MFA option. This is due to the susceptibility of SMS-based OTP to various security threats like phishing, SS7 and SIM swapping attacks.
- OTP authenticator
An OTP authenticator generates unique codes in fixed time intervals. When you set an OTP authenticator as your MFA mode, you can use the OTP shown in the authenticator app to verify your identity during sign-in.
Learn more
- Security key
A security key is a hardware device which can be inserted into your computer or laptop. When you configure a security key for your account and set it as your MFA mode, you can insert it to verify your identity during sign-in.
Learn more
MFA: Org-enforced vs. Self-configured
If
you are an organization admin, you can enforce MFA for all the users in
your organization. You can choose which modes need to be set up by the
users and enforce them. After such policies are enforced, the users will
be prompted to set up and sign in using MFA. Refer to your app's
documentation to learn how to enforce security policies.
If
you want to secure your personal Zoho account, you can enable one or
more of the available MFA modes for your account. Check out the respective help articles to learn how to configure the different MFA modes. However, if you are a
part of an organization that enforces MFA-related security policies for
its users, you can only configure the modes that are allowed according
to the policy.
Multi-mode MFA
You
can configure multi-mode MFA by configuring at least two MFA modes for
your account. With multi-mode MFA, you will have the flexibility to
choose between different modes when you want to sign in to your account.
You can set one of the modes as the primary MFA mode,
and it will be the default mode when you try to sign in. You can choose
the other modes to sign in if your primary mode is not currently
available. See how to sign in using multi-mode MFA.
MFA and third party mail clients
If
you are using your Zoho account in any third-party mail clients, such
as Outlook or Thunderbird, you may encounter issues signing in to the
app if it doesn't support multi-factor authentication (this more often
results in an "incorrect password" error). This is because only entering
your username and password in your client will not allow you to sign in
as MFA verification cannot be done.
In such cases, you can generate application-specific passwords in Zoho and use them to sign in to your mail client. These
application-specific passwords allow you to bypass MFA verification and
let you sign in to the client with just your username and this
application-specific password.
MFA lifetime
Normally,
you will need to verify your identity using your MFA mode every time
you sign in to your account. However, if you are signing in often from a
trusted computer (such as your personal computer), you can avoid
verifying through MFA by trusting your browser.
By default, the MFA lifetime for a trusted browser (i.e., the duration
you won't be asked for MFA) is 180 days. However, if you are part of an
organization, your administrator may reduce the number of days or even
restrict trusting a browser altogether by enforcing security policies.
Backup codes to recover access
If you lose access to the device that you use for MFA, you won't be able to sign in to your account. However, if you have saved backup verification codes beforehand, you can use them to recover your account in such cases. For
this reason, it is essential for you to generate and save backup codes
once you enable MFA fo your account. See how to generate backup codes and how to use them to recover your account.
Related articles
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Multi-Mode MFA
Introduction Multi-mode MFA is an option wherein you can enable more than one MFA mode for your Zoho account. Zoho provides four modes to choose from: OneAuth, SMS-based OTP, app-based OTP (authenticator apps), and Security key. To enable multi-mode ...Security key
What is a security key? Security key is a hardware device that can be used to enable multi-factor authentication (MFA). They don't require a battery to function and need no software installation to authenticate your accounts. How security keys work? ...Troubleshoot MFA related issues
Introduction If you have set up multi-factor authentication (MFA ) to protect your Zoho account and have issues signing into your account, we will help you regain your account access. The first thing you need to do after regaining account access is ...What is an OTP authenticator in Zoho OneAuth?
One-time Passcode (OTP) authenticator is Zoho OneAuth's in-built two-factor authentication (TFA) module. You can use the OTP authenticator to secure your business and social accounts like Google, Microsoft, or Facebook. You can also use the OTP ...Secure non-Zoho accounts using OneAuth's OTP authenticator
Note : This article explains how you can use OneAuth to secure your non-Zoho accounts. If you want to secure your Zoho account using OneAuth, check out the article Set up OneAuth for your Zoho account. Using OneAuth's OTP authenticator, you can ...
New to Zoho LandingPage?
Zoho LandingPage Resources