Note: This article explains how you can use OneAuth to secure your non-Zoho accounts. If you want to secure your Zoho account using OneAuth, check out the article Set up OneAuth for your Zoho account.
Using OneAuth's OTP authenticator, you can secure your non-Zoho accounts, such as Google, Facebook, and Microsoft, with two-factor verification. Once you have configured OneAuth as an OTP authenticator for your online third-party accounts, OneAuth will generate OTP codes that you can use to sign in to those accounts.
OneAuth's OTP authenticator has the following features:
- Two-factor verification for all your online accounts
- Secure backup of OTP secrets to Zoho Cloud
- Easy restoration of OTP secrets to new devices
How to secure an online account using OneAuth
To secure an online account, you need to get an OTP secret from that account and use it to add that account in OneAuth. This OTP secret will be used by OneAuth to generate OTPs, which in turn can be used to sign in to that online account.
Online account settings --(OTP secret)--> OneAuth --(OTPs)--> For two-factor verification
Step 1: Get OTP secret (generic instructions)
- Go to the security settings of the online account you want to secure.
- Find the option to enable two-factor verification.
- Select the OTP authenticator option.
- A QR code/secret key will be displayed.
Step 2: Add the online account in OneAuth
- Download and install OneAuth on your device.
- Open OneAuth and tap GUEST. If you have a Zoho account, sign in with it instead.
- Go to the Authenticator tab.
- Tap Add now.
- Tap Scan a QR secret, allow access to the phone camera when prompted, then scan the QR code displayed on the online account's page. If you have trouble scanning the QR code, choose the Enter secret manually option instead, and enter the following details:
- Issuer Name : Name of the online account you want to secure (e.g., Facebook, Google)
- Name : Your username in that account (i.e., the one which you use to sign in)
- Secret : The 15-digit secret displayed on your online account's page.
- Your account will be added and OTP will be displayed.
- Enter this OTP when prompted by your online account's settings page.
Once you have set up OneAuth with your online account and enabled TFA, you can use the OTP displayed in OneAuth to verify yourself whenever you want to sign in to that account.
To set up TFA for more accounts, tap
in the top-right corner.
Back up and restore OTP secrets
In OneAuth, you can securely back up all your OTP secrets to Zoho Cloud and restore them whenever you need.
The reasons why you should back up the OTP secrets are:
- The OTP secrets are unique to each online account you have. OneAuth uses these secrets to generate OTPs for your two-factor verification needs. If you lose access to the device on which OneAuth was installed, these secrets will be lost and you will not be able to access any of the online accounts you have secured with OneAuth.
- The backup feature allows you to synchronize these secrets with multiple devices. You can set up secondary OneAuth devices, and use whichever is available to you.
What is required to back up OTP secrets?
- (1) A Zoho account
You will need to create a Zoho account to store the secrets. All your OTP secrets will be encrypted and backed up in this account. You can use this account to restore the stored secrets to new devices.
- (2) A passphrase
You will need to set up a passphrase when backing up your secrets. This passphrase will be used to encrypt your OTP secrets and then these secrets will be stored in your account. When you want to restore your secrets to a new device, you will be asked to enter this passphrase. The reason for this encryption is to make sure that your OTP secrets are stored securely and not accessed by anyone (including Zoho). You should note that only the encrypted secrets will be stored by Zoho and not the passphrase. If you forget the passphrase, you will not be able to restore your secrets.
How to back up OTP secrets?
First, create a Zoho account by going to the Upgrade tab, then tap Create a free Zoho Account. If you already have a Zoho account, sign in with it instead.
After you have signed in, follow the steps below to back up your secrets:
- Open OneAuth on your mobile device.
- Go to the Authenticator tab, then tap Backup Secrets.
- You will be asked to set up a passphrase. Tap SET UP.
- Enter a passphrase of your choice, then tap Next.
- Re-enter the passphrase, then tap Done.
When you add new online accounts to OneAuth, their secrets will be backed up at regular intervals automatically. To manually back up your secrets, pull down from the top in the Authenticator tab.
How to restore OTP secrets?
- Install OneAuth on your new device and sign in with your Zoho account.
- Go to the Authenticator tab.
- Tap Restore Secrets. You will be asked to enter your passphrase.
- Enter the passphrase, then tap RESTORE.
Once you tap RESTORE, all the previously backed up and encrypted secrets will be decrypted using your passphrase and will be restored to your current device from the cloud.
How to change passphrase?
Important note:
For security reasons, when you change your passphrase:
- All the previously backed up secrets will be deleted from Zoho Cloud. They will not be deleted from the device you're currently using to change the passphrase.
- The current secrets present in the device on which you change the passphrase will be backed up fresh to Zoho Cloud.
Make sure you change your passphrase from the device which has all the required secrets, because only the secrets present on that device will be backed up and the rest present on other devices will be deleted permanently.
To change passphrase:
- Open OneAuth on your mobile device.
- Go to the Settings tab, then tap Recovery.
- Tap Edit below the passphrase.
- Enter a new passphrase, then tap Next.
- Re-enter the passphrase, then tap Done.
Export and import accounts
Note: You can only export and import accounts in the OneAuth app, and not from any other authenticator apps.
If you are a signed-in user and have already backed up your OTP accounts, you can use the passphrase to restore them. If you haven't backed up your OTP accounts, but have your old device in hand, you can back up the accounts from your old device and restore them to your new device. Click here for the steps to back up and restore accounts.
If you do not want to back up and restore accounts, you can export the OTP accounts from your old device and import them to your new device. You can do this even if you're not signed in to OneAuth or connected to the internet.
Info: However, it is recommended to back up and restore accounts. See why.
Step 1: Export the accounts from your old device:
- Open OneAuth and go to the Authenticator tab.
- Tap , then tap Export.
- Select the accounts that you want to export, then tap Export. Depending on the number of OTP accounts, one or more QR codes will be displayed. A verification code will also be displayed. If there are multiple QR codes, the verification code will be displayed below the last QR code.
Step 2: Import the accounts to your new device:
- Install OneAuth on your new device.
- Go to the Authenticator tab.
- Tap , then tap Import. Instructions to import will be shown.
- Tap Scan QR.
- Scan the QR code displayed on your old mobile device.
- To complete the import, enter the verification code that is displayed on your old device. If there are multiple QR codes, the verification code will be displayed below the last QR code.