Note : This article explains how you can use OneAuth to secure your non-Zoho accounts. If you want to secure your Zoho account using OneAuth, check out the article Set up OneAuth for your Zoho account.

1. Two factor verification for all your online accounts
2. Secure backup of OTP secrets to Zoho Cloud
3. Easy restoration of OTP secrets to new devices

How to secure an online account using OneAuth

                                                  OTP secret                                  OTPs

Online account settings ----------------------> OneAuth --------------------> For two-factor verification

1. Go to the security settings of the online account you want to secure.
2. Find the option to enable two-factor verification.
3. Select the OTP authenticator option.
4. A QR code/secret key will be displayed.

1. Download and install OneAuth on your device.
   
2. Open OneAuth and tap GUEST. If you have a Zoho account, sign in with it instead.
   
3. Go to the Authenticator tab.
4. Tap Add now.
5. Tap Scan a QR secret, allow access to the phone camera when prompted, then scan the QR code displayed on the online account's page. If you have trouble scanning the QR code, choose the Enter secret manually option instead, and enter the following details:
   
1. Issuer Name    : Name of the online account you want to secure (e.g., Facebook, Google)
2. Name               : Your username in that account (i.e., the one which you use to sign in)
3. Secret              : The 15-digit secret displayed on your online account's page.
   
6. Your account will be added and OTP will be displayed.
7. Enter this OTP when prompted by your online account's settings page.

To set up TFA for more accounts, tap  in the top-right corner.

Back up and restore OTP secrets

The reasons why you should back up the OTP secrets are:

1. The OTP secrets are unique to each online account you have. OneAuth uses these secrets to generate OTPs for your two-factor verification needs. If you lose access to the device in which OneAuth was installed, these secrets will be lost and you will not be able to access any of the online accounts you have secured with OneAuth.

1. The backup feature allows you to synchronize these secrets with multiple devices. You can set up secondary OneAuth devices, and use whichever is available to you.

What is required to back up OTP secrets?

1. (1) A Zoho account
   You will need to create a Zoho account to store the secrets. All your OTP secrets will be encrypted and backed up in this account. You can use this account to restore the stored secrets to new devices.

1. (2) Passphrase:
   You will need to set up a passphrase when backing up your secrets. This passphrase will be used to encrypt your OTP secrets and then these secrets will be stored in your account. When you want to restore your secrets to a new device, you will be asked to enter this passphrase. The reason for this encryption is to make sure that your OTP secrets are stored securely and not accessed by anyone (including Zoho). You should note that only the encrypted secrets will be stored by Zoho and not the passphrase. If you forget the passphrase, you will not be able to restore your secrets.

How to back up OTP secrets?

1. Open OneAuth on your mobile device.
2. Go to the Authenticator tab, then tap Backup Secrets.
3. You will be asked to set up a passphrase. Tap SET UP.
4. Enter a passphrase of your choice, then tap Next.
5. Re-enter the passphrase, then tap Done.

How to restore OTP secrets?

1. Install OneAuth on your new device and sign in with your Zoho account.
2. Go to the Authenticator tab.
3. Tap Restore Secrets. You will be asked to enter your passphrase.
4. Enter the passphrase, then tap RESTORE.

How to change passphrase?

Important note:

For security reasons, when you change your passphrase:

1. All the previously backed up secrets will be deleted from Zoho Cloud. They will not be deleted from the device you're currently using to change the passphrase.
   
2. The current secrets present in the device on which you change the passphrase will be backed up fresh to Zoho Cloud.

Make sure you change your passphrase from the device which has all the required secrets, because only the secrets present on that device will be backed up and the rest present on other devices will be deleted permanently.

1. Open OneAuth on your mobile device.
2. Go to the Settings tab, then tap Recovery.
3. Tap Edit below the passphrase.
4. Enter a new passphrase, then tap Next.
5. Re-enter the passphrase, then tap Done.

Export and import accounts

Note: You can only export and import accounts in the OneAuth app, and not from any other authenticator apps.

If you are a signed-in user and have already backed up your OTP accounts, you can use the passphrase to restore them. If you haven't backed up your OTP accounts, but have your old device in hand, you can back up the accounts from your old device and restore them to your new device. Click here for the steps to back up and restore accounts.

If you do not want to back up and restore accounts, you can export the OTP accounts from your old device and import them to your new device. You can do this even if you're not signed in to OneAuth or connected to the internet. 

Info: However, it is recommended to backup and restore accounts. See why.

Step 1: Export the accounts from your old device:

1. Open OneAuth and go to the Authenticator  tab.
2. Tap  , then tap Export.
3. Select the accounts that you want to export, then tap Export. Depending on the number of OTP accounts, one or more QR codes will be displayed. A verification code will also be displayed. If there are multiple QR codes, the verification code will be displayed below the last QR code.
   

Step 2: Import the accounts to your new device:

1. Install OneAuth on your new device.
2. Go to the Authenticator  tab.
3. Tap , then tap Import. Instructions to import will be shown.
4. Tap Scan QR.
5. Scan the QR code displayed on your old mobile device. 
6. To complete the import, enter the verification code that is displayed on your old device. If there are multiple QR codes, the verification code will be displayed below the last QR code.
   

More

1. How to add secondary devices?
2. How to recover OneAuth if you lose access to it?