What is a YubiKey?
YubiKeys represent the security keys developed by
Yubico, which can be used to enable multi-factor authentication (MFA). YubiKeys don't require a battery to function and need no software installation to authenticate your accounts.
How YubiKeys work?
First, you will have to register your YubiKey with your Zoho account. After registering, when you try to sign in to your account, you will be prompted to verify using your YubiKey. When prompted, you will either need to insert the YubiKey on to your device's port and tap its gold disc, or connect via NFC to verify. Once verification is complete, you will be signed in to your account.
YubiKey in Zoho: Points to note
- Zoho supports both FIDO U2F and FIDO2-based YubiKeys
- You can register multiple YubiKeys for your Zoho account, and use anyone of them to sign in.
- You can also register the same YubiKey with multiple Zoho accounts and use it to sign in to them.
- You can also sign in to your mobile devices by connecting your YubiKey through the device's port or through NFC.
Supported devices
FIDO U2F and FIDO2-based YubiKeys are supported in Zoho.
How to register an YubiKey with Zoho account?
Requirements
- A FIDO U2F or FIDO2-based YubiKey
- A supported browser and device
Steps to register
- Sign in at accounts.zoho.com.
- Click Multi-Factor Authentication in the left menu.
- Click Set up Now under YubiKey.
- If you are registering on a computer:
- Insert it into the USB port of your computer.
- Click Next.
- Wait for the YubiKey to blink, then tap its gold disc.
If you are registering on a mobile device, you can connect your YubiKey either via device's port or through NFC. Follow the on-screen instructions to connect and register.
- Name your YubiKey, then click Configure.
- Sign out of your Zoho Account and sign in back to confirm that YubiKey authentication is enabled.
Using these steps, you can configure multiple YubiKeys for your account.
How to set YubiKey as primary MFA mode?
If you have configured multiple MFA modes for your account, you can set one of them as your primary MFA mode. When you try to sign in, your primary mode will be the default mode for authentication.
To set YubiKey as primary MFA mode:
- Sign in at accounts.zoho.com.
- Click Multi-Factor Authentication in the left menu.
- Click MAKE PRIMARY next to YubiKey.
- Click Confirm.
How to sign in using YubiKey?
If YubiKey is your primary MFA mode, follow the steps to sign in:
- Go to the Zoho sign-in page.
- Enter your email address, then click NEXT.
- Enter your password, then click SIGN IN.
- If you are signing in on a computer:
- Insert it into the USB port of your computer.
- Click Next.
- Wait for the YubiKey to blink, then tap its gold disc.
If you are signing in on a mobile device, you can connect your YubiKey either via device's port or through NFC. Follow the on-screen instructions to connect and authenticate.
Note : If you are using a mail client, you may have issues signing in to it once you enable MFA (in most cases, "incorrect password" error will be shown). This is because your mail client doesn't support MFA. In this case, you can use application-specific passwords to bypass MFA and sign in to your mail client.
How to recover account if YubiKey is not accessible?
If you can't sign in to your account due to issues with your YubiKey, then you can recover access to your account using your previously-generated
backup verification codes.
If you haven't generated backup codes previously or lost them, contact our support team at
support@zohoaccounts.com. After verifying your identity, you will be provided with a backup code to sign in to your account.
Related articles
- How to use application passwords for mail clients
- How to disable/re-enable MFA
- MFA: Frequently asked questions
- MFA: Troubleshooting