Understanding 2FA Secrets and Passphrases in Zoho OneAuth

What is a 2FA Secret?

What is a 2FA secret?

A 2FA (Two-Factor Authentication) secret is a unique alphanumeric code that is shared as a QR code or a secret key, generated by an online service (such as email accounts, social media platforms, cloud services, or financial apps) when you enable two-step verification for your account.

How does Zoho OneAuth use the 2FA secret?

In the Zoho OneAuth app, you can add your online 2FA (non-Zoho) accounts by scanning a QR code, uploading a QR code, or entering the secret key manually. This securely links your online 2FA account with OneAuth.

Once linked, OneAuth uses the 2FA secret to generate a time-based one-time password (TOTP). These codes are usually 6 digits in length, but some services may use 7 or 8 digits, all of which are supported by OneAuth. These codes refresh automatically at regular intervals and are required when you sign in to your account.

Info
To learn more, refer to Add 2FA accounts to OneAuth.