Introduction to MFA | MFA - Zoho Accounts

Introduction to multi-factor authentication (MFA)

Multi-factor authentication is used as an extra layer of security while signing in to your account. When you enable MFA, all your future sign-ins will require you to verify your identity to ensure that your account isn't accessed by unknown users. You can do this by enabling an MFA mode for your account. For example, if you enable SMS-based OTP, an OTP will be sent to your mobile number, which then needs to be entered when you sign in, thus ensuring that your account stays protected.

MFA modes

Zoho provides four MFA modes to choose from:
  1. OneAuth
    OneAuth is an industry-standard multi-factor authentication app built by Zoho. It offers the following features:
    1. MFA for multiple Zoho accounts
    2. Passwordless sign-in
    3. Mobile SSO
    4. OTP authenticator for non-Zoho accounts
    5. Easy backup and recovery
  2. SMS-based OTP
    When you set SMS-based OTP as your MFA mode, a short-lived, single-use authentication code is sent to your mobile device as an SMS message, which you can use to verify your identity during sign-in.
  3. OTP authenticator
    An OTP authenticator generates unique codes in fixed time intervals. When you set an OTP authenticator as your MFA mode, you can use the OTP shown in the authenticator app to verify your identity during sign-in.
  4. YubiKey
    A YubiKey is a hardware device which can be inserted into your computer or laptop. When you configure a YubiKey for your account and set it as your MFA mode, you can insert it to verify your identity during sign-in.

MFA: Org-enforced vs. Self-configured

If you are an organization admin, you can enforce MFA for all the users in your organization. You can choose which modes need to be set up by the users and enforce them. After such policies are enforced, the users will be prompted to set up and sign in using MFA. Refer to your app's documentation to learn how to enforce security policies.

If you want to secure your personal Zoho account, you can enable one or more of the available MFA modes for your account. Check out the respective help articles to learn how to configure the different MFA modes. However, if you are a part of an organization that enforces MFA-related security policies for its users, you can only configure the modes that are allowed according to the policy.

Multi-mode MFA

You can configure multi-mode MFA by configuring at least two MFA modes for your account. With multi-mode MFA, you will have the flexibility to choose between different modes when you want to sign in to your account. You can set one of the modes as the primary MFA mode, and it will be the default mode when you try to sign in. You can choose the other modes to sign in if your primary mode is not currently available. See how to sign in using multi-mode MFA.

MFA and third-party mail clients

If you use your Zoho account in a third-party mail client, such as Outlook or Thunderbird, you may be unable to sign in if the client doesn't support multi-factor authentication (this often results in an "incorrect password" error). This is because entering only your username and password in the client is not enough to sign in: the MFA verification step cannot be completed there.

In such cases, you can generate application-specific passwords in Zoho and use them to sign in to your mail client. These application-specific passwords allow you to bypass MFA verification and let you sign in to the client with just your username and this application-specific password.

MFA lifetime

Normally, you will need to verify your identity using your MFA mode every time you sign in to your account. However, if you are signing in often from a trusted computer (such as your personal computer), you can avoid verifying through MFA by trusting your browser. By default, the MFA lifetime for a trusted browser (i.e., the duration you won't be asked for MFA) is 180 days. However, if you are part of an organization, your administrator may reduce the number of days or even restrict trusting a browser altogether by enforcing security policies.

Backup codes to recover access

If you lose access to the device that you use for MFA, you won't be able to sign in to your account. However, if you have saved backup verification codes beforehand, you can use them to recover your account in such cases. For this reason, it is essential that you generate and save backup codes once you enable MFA for your account. See how to generate backup codes and how to use them to recover your account.