Deprecation of SMS-based multi-factor authentication (MFA) mode - Zoho Security

Deprecation of SMS-based multi-factor authentication (MFA) mode - Zoho Security

Overview of SMS-based OTP MFA mode 

The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account.

SMS-based OTPs offer convenience due to their accessibility; nearly everyone possesses a mobile phone and SMS-based OTPs arrive quickly, allowing for easy and secure authentication.

However, there are some other considerations and security risks that make the SMS-based OTP one of the least preferable options for multi-factor authentication. Hence, we’ve decided to deprecate it as an MFA mode.

Reasons for deprecation 

SMS-based OTPs are susceptible to various attacks, including phishing, SIM swapping, and signaling system 7.

Phishing attack: Scammers send fake messages with links to websites that resemble our sign-in page. For example:
They trick you into entering your login details and OTPs. If you do, scammers can access your account, putting your personal information and security at risk.

SIM swapping: By knowing your phone number, a scammer can contact your telecom provider's customer service and request to transfer your phone number to a new SIM card, giving them access to your accounts and personal data without your consent.

Signaling system 7 attack: A hacker can spy on you via the cell phone signaling system, where they can listen to calls, intercept text messages, and track your phone's location, leading to serious security risks.

Considering the security threats in SMS-based OTPs and the guidelines on implementing phishing-resistant MFA given by the Cybersecurity & Infrastructure Security Agency (CISA) of the United States government, we deprecated the SMS-based OTP MFA mode.

➤ Current status
     Deprecation of SMS-based OTP MFA mode for all users who signed up after January 1, 2024.

➤ Upcoming plan
     Migration of existing users and organizations currently enforcing SMS-based OTP MFA to alternate MFA modes.  

Alternate MFA modes

If you’re an organization admin, you can set up a different MFA mode for your organization in the security policies. If you’re a personal user, you can go to the multi-factor authentication section at accounts.zoho.com and set up any of the MFA modes described below.
  • OneAuth (recommended)
    Zoho OneAuth is a multi-factor authentication app that you can use to secure your Zoho account as well as third-party accounts, including Google, Facebook, and Microsoft. With OneAuth, you can set up any of the three authentication modes: push notifications, time-based OTPs, and QR codes.

  • OTP authenticator
    OTP authenticators are apps you can use to set up MFA for your account. These apps generate new OTPs in duration you set, which you can use to sign in to your account.
    Learn how to set up an OTP authenticator.

  • Security key
    A security key is a hardware device that you link to your account to enable multi-factor authentication. Once linked, you'll need to use this key each time you sign in to verify your identity.
    Learn how to set up the security key.
If you have any questions, please write to us at support@zohoaccounts.com.



      • Sticky Posts

      • Deprecation of SMS-based multi-factor authentication (MFA) mode

        Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

        • Recent Topics

        • Problem with multiple pages record template

          Hi, I have a record template with multiple pages. When I print, it has gaps between pages. How can i fix it?

        • Field Update: can't find a custom multi-line text field in the options list

          I want to update a custom text field (large size multi-line: 32000 characters) that I have added in the Accounts module using this functionality https://help.zoho.com/portal/en/kb/crm/automate-business-processes/actions/articles/field-updates , but I

        • Zoho One Datensicherung möglich

          Gibt es eine Zoho One Datensicherung über alle Apps mit eindeutigen Datensatz-Id´s eines Kontaktes in allen Apps und mit allen Bildern (insbesondere Artikel-Bilder)? Wir haben festgestellt, dass die Zoho Books Datensicherung keine Bilder sichert. Und

        • Pop Up

          Hello, I want to automatically display the information of the attached data in the product module in the related list section of my data in the lead module when the current time matches the "Call Time" field of my data in the leads module. How can I achieve

        • New feature alert: Witness signing is now available in Zoho Sign

          Hello! Getting documents signed with confidence in Zoho Sign just got a major boost! We're delighted to introduce witness signing, where other individuals or entities can be designated as witnesses to observe the signing process and add their signatures

        • How to report and analyze a multi-select field entries distinctly ?

          As many of CRM users I have many multi-select fields that allows me to choose more than one chose in one cell for a specific filed Like: Field A - A;BC - A;C -B;C But when reporting the field it will handle each cell as a "String" not multiple entries

        • Get the capability to convert documents to different formats

          Hello users, In this article, we'll be exploring the Conversion API in Zoho Office Integrator to understand how it can be used to convert documents to different formats right from your web app. Before we get to the details of the Conversion API, here's

        • Issues with certain CRM, Desk & webhook blocks in Guided Conversations

          Good day I have been attempting to add a block on our guided conversations, which give our customers relavent information based on their queries. The issue is that when I attempt to use a block that fetches data I get the following error popup: Cannot

        • Use Zoho Creator as a source for merge templates in Zoho Writer

          Hello all! We're excited to share that we've enhanced Zoho Creator's integration with Zoho Writer to make this combination even more powerful. You can now use Zoho Creator as a data source for mail merge templates in Zoho Writer. Making more data from

        • Can't delete/hide related lists

          Hi, Maybe I'm missing something, but I can't seem to find where I delete or hide related lists in a module. When I go to a record and click the little arrow on the right next to the related list, I only get the option to select what fields in that list

        • Make Widgets Clickable or Copiable

          Hi, I created a KPI Widget in Zoho Analytics whose content I would like the users that see my dashboard could copy or click and be redirected elsewhere. Yes, I'm aware I can create a Text Box for that instead of a Widget, but the problem is that the link

        • Address Autofill

          Hi I'm having issues with the address autofill tutorial (https://zurl.co/rGXQ). I have followed each step in the tutorial, but when i paste the code into a workflow/function, i'm getting the following error code: Improper code format Correct format :

        • Sync custom module ID to Lead module

          Hello, I am trying to sync Contract ID (custom module) from Deal module. I have an existing function that whenever a contract is created, it will automatically creating deals based on the frequency of the contract. Now i am having problem to show the

        • In Kiosk, please support "File upload field" in the "Field Update" action

          Hello. Supporting "File upload field" in the "Field Update" actions would be a great addition to Kiosk Studio. I would appreciate it if you could evaluate it. Saludos,

        • can I link a contacts to multiple accounts

          can I link a contacts to multiple accounts

        • Change Last Name to not required in Leads

          I would like to upload 500 target companies as leads but I don't yet have contact people for them. Can you enable the option for me to turn this requirement off to need a Second Name? Moderation update (10-Jun-23): As we explore potential solutions for

        • For security reasons your account has been blocked as you have exceeded the maximum number of requests per minute that can originate from one account.

          Hello Zoho Even if we open 10-15 windows in still we are getting our accounts locked with error " For security reasons your account has been blocked as you have exceeded the maximum number of requests per minute that can originate from one account. "

        • Launching CPQ for Zoho CRM! An in-built solution for bespoke quote management

          Hello everyone, We are thrilled to announce the public release of CPQ (Configure, Price, Quote) for Zoho CRM, which is a fundamental block in sales management. NOTE: CPQ was a public early access feature from March 2023 — January 2024. Since February

        • Power of Automation :: Automatically set the dependency between Parent task and the respective sub tasks

          A custom function is a software code that can be used to automate a process and this allows you to automate a notification, call a webhook, or perform logic immediately after a workflow rule is triggered. This feature helps to automate complex tasks and

        • Spell Check default language

          Hello All, Is it possible to set the Spell Check default language? I can't find it in the settings. Thanks a lot! Levente

        • Function #4: Schedule Customer Statements

          Regularly sending statements to customers is an imperative part of many business processes as it helps foster strong customer relationships and provides timely guidance on payments. While you can generate the statement of accounts and have it sent over

        • Music files on Zoho Docs

          1) Uploaded a ma3 music file from Itunes.  When I click on the link, i go to the page and see a music player but it doesn't play.  Clicking on the play arrow does nothing.  How to fix???? 2) Also, when i put up a .zip file  and goto the page, anyone download it.  That's fine. But with a music file, all I get is that non functional player with no way to simply download the song. Do I have to zip every song so it can be downloaded?

        • Restrict Employees Access to Zoho Support

          Dear Zoho Support Team, Greetings! I am the focal point for all Zoho-related matters in our organization, and I would like to request the following features to help us streamline and centralize our support interactions. We request that zoho one support

        • How to import timesheets or entries into a projecgt

          How can one import timesheets into a project via a csv file?

        • Issues with Agent Forwarding Card in Zobot

          I implemented an Agent Forwarding Card in a Zobot that I created. There are a few issues with the way the card functions in an actual chat. The way it is designed right now is not easy to use and is not intuitive. Here are a few of the issues I have with

        • Automatic License Management Upon User Deactivation in Zoho One

          Dear Zoho Team, We would like to propose a feature enhancement for Zoho One regarding license management. Currently, when a user is deactivated, their license is not automatically downgraded or removed from our account. Zoho explains this behavior by

        • Shared Snippets Everyone

          Hi, Now that the Shared Snippets have been released and I think will be the most used feature implemented in 2023 :) Creating and Using Snippets in Ticket Responses - Online Help | Zoho Desk Maintain consistency in ticket responses with shared snippets

        • Introducing parent-child ticketing in Zoho Desk [Early access]

          Hello Zoho Desk users! We have introduced the parent-child ticketing system to help customer service teams ensure efficient resolution of issues involving multiple, related tickets. You can now combine repetitive and interconnected tickets into parent-child

        • How to suppress display of "USD" of currency field?

        • When is Zoho Vault getting fuzzy search?

          Seeing posts on here dating back as far as 3 years complaining about Vaults search functionality. It’s terrible. Please include fuzzy search, and sorting of results according to “most applicable”; not just alphabetically.

        • Automation#22 Track Ticket Duration at Specific Status

          Hello Everyone! Welcome back to the Community Learning Series! Today, we explore how Zylker Techfix, a gadget servicing firm, boosted productivity by tracking the time spent at a particular ticket status in Zoho Desk. Zylker Techfix customized Zoho Desk’s

        • Self-Support Portal invites

          I'm a one man operation and I'm using the free version of the Zoho Desk for now, but I am in need of help. When I do test tickets, I get a reply from the system inviting me to join the Self Service portal. I don't plan on using that, so I wonder if there

        • Tip #10: Automatically add tags to Zoho CRM records using form responses

          You may be using tags to filter records, create reports based on specific tags, or let your sales team to know which clients to give priority to. Don't skip tagging for the crm records added via forms. The tags can be set to be automatically captured during the form submission. How it works When you set up a configuration to push form entries into CRM, you can add a tag to them automatically. The tag value can vary based on the respondent's input (captured using form fields), or you can include a

        • Understanding response time

          We have the following set up for our SLA. When a contact first writes in, the response due and resolution due dates are set. When one of our agents responses, the response due goes away. When a ticket gets a response from the contact, it appears to reset

        • Publish multiple languages at once in Knowledge Base

          Does anyone know if it is possible to publish multiple translated articles at the same time? My knowledge base has about 35 languages, and while I have them set up to automatically translate, I still have to go in and select each language and manually

        • Canvas and Related lists

          Hi, As much as I like canvas, when adding in a asection with related lists,it doesnt mimic the same functionality as the standard view within the CRM e.g left hand panel will show the module and total number of records. Is there a way of indicating this

        • Email address ZOHO suggestions in replying - how to delete unwanted suggestions?

          Hi, I have some "unwanted" email addresses suggestions by ZOHO, and made some mistakes by replying for some tickets already. How can I clear this in ZOHO directly, I deleted all web browser history and cookies . Did not help :/ Below example, where one

        • Subform edits don't appear in parent record timeline?

          Is it possible to have subform edits (like add row/delete row) appear in the Timeline for parent records? A user can edit a record, only edit the subform, and it doesn't appear in the timeline. Is there a workaround or way that we can show when a user

        • Zoho Learn vs. Trainer Central

          Hi, I'm currently using Zoho One with a WordPress-based website and WooCommerce to manage my online courses. I would like to know what is the difference between Zoho Learn and Trainer Central and if it's possible for these two platforms to replace WP

        • How to Display a Logo Image on a Public Form?

          I would like to display a logo image in the header of a form. To achieve this, I added an Add Notes field to the form. The code below works perfectly for Zoho users accessing the form. However, when the form is made public, the image does not load properly:

        • Next Page