Deprecation of SMS-based multi-factor authentication (MFA) mode

Deprecation of SMS-based multi-factor authentication (MFA) mode

Overview of SMS-based OTP MFA mode 

The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account.

SMS-based OTPs offer convenience due to their accessibility; nearly everyone possesses a mobile phone and SMS-based OTPs arrive quickly, allowing for easy and secure authentication.

However, there are some other considerations and security risks that make the SMS-based OTP one of the least preferable options for multi-factor authentication. Hence, we’ve decided to deprecate it as an MFA mode.

Reasons for deprecation 

SMS-based OTPs are susceptible to various attacks, including phishing, SIM swapping, and signaling system 7.

Phishing attack: Scammers send fake messages with links to websites that resemble our sign-in page. For example:
They trick you into entering your login details and OTPs. If you do, scammers can access your account, putting your personal information and security at risk.

SIM swapping: By knowing your phone number, a scammer can contact your telecom provider's customer service and request to transfer your phone number to a new SIM card, giving them access to your accounts and personal data without your consent.

Signaling system 7 attack: A hacker can spy on you via the cell phone signaling system, where they can listen to calls, intercept text messages, and track your phone's location, leading to serious security risks.

Considering the security threats in SMS-based OTPs and the guidelines on implementing phishing-resistant MFA given by the Cybersecurity & Infrastructure Security Agency (CISA) of the United States government, we deprecated the SMS-based OTP MFA mode.

➤ Current status
     Deprecation of SMS-based OTP MFA mode for all users who signed up after January 1, 2024.

➤ Upcoming plan
     Migration of existing users and organizations currently enforcing SMS-based OTP MFA to alternate MFA modes.  

Alternate MFA modes

If you’re an organization admin, you can set up a different MFA mode for your organization in the security policies. If you’re a personal user, you can go to the multi-factor authentication section at accounts.zoho.com and set up any of the MFA modes described below.
  • OneAuth (recommended)
    Zoho OneAuth is a multi-factor authentication app that you can use to secure your Zoho account as well as third-party accounts, including Google, Facebook, and Microsoft. With OneAuth, you can set up any of the three authentication modes: push notifications, time-based OTPs, and QR codes.

  • OTP authenticator
    OTP authenticators are apps you can use to set up MFA for your account. These apps generate new OTPs in duration you set, which you can use to sign in to your account.
    Learn how to set up an OTP authenticator.

  • Security key
    A security key is a hardware device that you link to your account to enable multi-factor authentication. Once linked, you'll need to use this key each time you sign in to verify your identity.
    Learn how to set up the security key.
If you have any questions, please write to us at support@zohoaccounts.com.


Update (December 26, 2025) - Announcement page to be shown for administrators

We’re adding a new announcement page during sign-in to help organization admins currently enforcing SMS-based OTP switch to more secure MFA modes. If you're an organization admin, you’ll be asked to update the organization's MFA method by selecting from alternatives such as OneAuth, OTP Authenticator, or Security Key. Please make sure to update your organization's security policy to stay protected and comply with the new MFA requirements.

This announcement will be in effect from 29th December, 2025 (Monday).


Info
Note: Other users who currently use SMS-based OTP will receive a corresponding announcement and guided flow soon. We will update in this post once it’s available. Users can also switch to a more secure MFA mode anytime from the Multi-factor Authentication section in the Accounts page (accounts.zoho.com).

If you have any questions, please write to us at support@zohoaccounts.com.



    • Sticky Posts

    • Deprecation of SMS-based multi-factor authentication (MFA) mode

      Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

    • Recent Topics

    • Free Webinar: Zoho Sign for Zoho Projects: Automate tasks and approvals with e-signatures

      Hi there! Handling multiple projects at once? Zoho Projects is your solution for automated and streamlined project management, and with the Zoho Sign extension, you can sign, send, and manage digital paperwork directly from your project workspace. Join

    • Customer ticket creation via Microsoft Teams

      Hi all, I'm looking to see if someone could point me in the right direction. I'd love to make it so my customers/ end users can make tickets, see responses and respond within microsoft teams. As Admin and an Agent i've installed the zoho assist app within

    • Is there a way to update all the start and end dates of tasks of a project after a calendar change?

      Hi! Here's my situation. I've built a complete project planning. All its tasks have start dates and due dates. After completing the planning, I've realized that the project calendar was not the right one. So I changed the project calendar. I now have

    • How to update task start date when project start date changes?

      Hi there, When the start date of a project changes, it's important to update the start dates of the tasks associated with that project to reflect the new timeline. Is there a way to shift the start date of all project tasks when the start date of a project

    • Uplifted homepage experience

      Hello everyone, Creating your homepage is now much easier, more visual, and more impactful. Until now, your homepage allowed you to display custom views, widgets, analytic components, and Kiosk. With the following improvements, the homepage is now a smarter,

    • Issue with Picklist Dropdown Not Opening on Mobile

      Hello I am experiencing an issue with picklist values on mobile. While the arrow is visible, the dropdown to scroll through the available values often does not open. This issue occurs sporadically, it has worked occasionally, but it is very rare and quite

    • using the client script based on the look up filed i wnat to fetch the record details like service number , service rate

      based on selected service look up field iwant to fetch the service serial number in the serice form how i achive using client script also how i get the current date in the date field in the on load of the form

    • Zoho Books/Square integration, using 2 Square 'locations' with new Books 'locations'?

      Hello! I saw some old threads about this but wasn't sure if there were any updates. Is there a way to integrate the Square locations feature with the Books locations feature? As in, transactions from separate Books locations go to separate Square locations

    • Add zoho calendar to google calendar

      Hi I keep seeing instructions on how to sync Zoho CRM calendar with google calendar but no instructions on how to view Zoho calendar in my google calendar.

    • Zoho Commerce - How To Change Blog Published Date and Author

      Hi Commerce Team, I'm discussing a project with a client who wants to move from Woo Commerce / Wordpress to Zoho Commerce. They have around 620 blog posts which will need to be migrated. I am now aware of the blog import feature and I have run some tests.

    • Add RTL and Hebrew Support for Candidate Portal (and Other Zoho Recruit Portals)

      Dear Zoho Recruit Team, I hope you're doing well. We would like to request the ability to set the Candidate Portal to be Right-to-Left (RTL) and in Hebrew, similar to the existing functionality for the Career Site. Currently, when we set the Career Site

    • Does zoho inventory need Enterprise or Premium subsrciption to make Widgets.

      We have Zoho One Enterprise and yet we can't create widgets on inventory.

    • Writing by Hand in "Write" Notes

      Hi there! I just downloaded this app a few moments ago, and I was wondering if there was a way to write things by hand in "Write" mode instead of just typing in the keyboard. It would make things a bit more efficient for me in this moment. Thanks!

    • Remove the “One Migration Per User” Limitation in Zoho WorkDrive

      Hi Zoho WorkDrive Team, Hope you are doing well. We would like to raise a critical feature request regarding the Google Drive → Zoho WorkDrive migration process. Current Limitation: Zoho WorkDrive currently enforces a hard limitation: A Zoho WorkDrive

    • How do I add todays date to merge field

      I don't see any selection of todays date when creating a letter.  Surely the date option of printing is standard? John

    • Handling Agent Transfer from Marketing Automation Journey to SalesIQ WhatsApp

      We are currently using Marketing Automation for WhatsApp marketing, and the features are great so far We have a scenario where, during a campaign or journey, we give customers an option to chat with our sales team. For this, we are using SalesIQ WhatsApp

    • Comment to DM Automation

      Comment to DM automation feature in Zoho Marketing Automation, similar to what tools like ManyChat offer. Use case: When a user comments on a social media post (Instagram / Facebook), the system should automatically: Send a private DM to the user Capture

    • ZMA shows as already connected to Zoho CRM, but integration not working

      When I try to connect ZMA with Zoho CRM, it shows as already connected, but the integration doesn’t seem to be working. I’ve attached the screen recording for reference.

    • Automatic Email Alerts for Errors in Zoho Creator Logs

      Hello, We would like to request a feature enhancement in Zoho Creator regarding error notifications. Currently, Zoho Creator allows users to view logs and errors for each application by navigating to Zoho Creator > Operations > Logs. However, there is

    • Can you default reports/charts to report the current week?

      Our data table maintains two years of data. Management wants certain report to automatically filter the report to the latest calendar week. I know I can do this manually with filters but I want the report to automatically default to the latest calendar

    • How can I check all announce?

      Hiii, May I ask how can I check all the announce based on broadcast date instead of reply date based So that I will not will miss out any new function

    • Recurring Automated Reminders

      Hi, The reminders feature in Zoho Books is a really helpful feature to automate reminders for invoices. However, currently we can set reminders based on number of days before/after the invoice date. It would be really helpful if a recurring reminder feature

    • Zobot Execution Logs & Run History (Similar to Zoho Flow)

      Dear Zoho SalesIQ Team, We would like to request an enhancement for Zoho SalesIQ Zobot: adding an execution log / run history, similar to what already exists in Zoho Flow. Reference: Zoho Flow In Zoho Flow, every execution is recorded in the History tab,

    • Importing into Multiselect Picklist

      Hi, We just completed a trade show and one of the bits of information we collect is tool style. The application supplied by the show set this up as individual questions. For example, if the customer used Thick Turret and Trumpf style but not Thin Turret,

    • I need to know the IP address of ZOHO CRM.

      The link below is the IP address for Analytics, do you have CRM's? https://help.zoho.com/portal/ja/kb/analytics/users-guide/import-connect-to-database/cloud-database/articles/zoho-analytics%E3%81%AEip%E3%82%A2%E3%83%89%E3%83%AC%E3%82%B9 I would like to

    • Password Assessment Reports for all users

      I'm the super admin and looking at the reporting available for Zoho Vault. I can see that there is a Password Assessment report available showing the passwords/weak and security score by user. However I'm confused at the 'report generated on' value. Monitor

    • Allow people to sign a zoho form by using esign or scanned signature

      Allow people to sign a zoho form by using esign or scanned signature

    • Can't change form's original name in URL

      Hi all, I have been duplicating + editing forms for jobs regarding the same department to maintain formatting + styling. The issue I've not run into is because I've duplicated it from an existing form, the URL doesn't seem to want to update with the new

    • How to Print the Data Model Zoho CRM

      I have created the data model in Zoho CRM and I want the ability to Print this. How do we do this please? I want the diagram exported to a PDF. There doesnt appear to be an option to do this. Thanks Andrew

    • Transfer ownership of files and folders in My Folders

      People work together as a team to achieve organizational goals and objectives. In an organization, there may be situations when someone leaves unexpectedly or is no longer available. This can put their team in a difficult position, especially if there

    • Setting certian items to be pickup only

      How do we have some items that are pickup only? I have several items in my item's list that I do not ship. But they need to be on the website to be sold, and picked up in store. Need to be able to do this as one of these products is a major seller for

    • Using gift vouchers

      We would like to be able to offer a limited number of gift vouchers, of varying values, to our customers, and are looking for the best way to do this. We have looked at Coupons and Gift Certificates, but neither seem to fit the bill perfectly. Coupons:

    • Automatically updating field(s) of lookup module

      I have a lookup field, which also pulls through the Status field from the linked record. When the lookup is first done, the Status is pulled through - this works perfectly. If that Status is later updated, the lookup field does not update as well. As

    • Zoho Commerce and Third-party shipping (MachShip) API integration

      We are implementing a third-party shipping (MachShip) API integration for our Zoho Commerce store and have made significant progress. However, we need guidance on a specific technical challenge. Current Challenge: We need to get the customer input to

    • Adding custom "lookup" fields in Zoho Customization

      How can I add a second “lookup” field in Zoho? I’m trying to create another lookup that pulls from my Contacts, but the option doesn’t appear in the module customization sidebar. In many cases, a single work order involves multiple contacts. Ideally,

    • Can you import projects into Zoho Projects yet?

      I see some very old posts asking about importing project records into Zoho Projects. But I can't find anything up to date about the topic. Has this functionality been added? Importing tasks is helpful. But we do have a project where importing projects

    • Allocating inventory to specific SO's

      Is there a way that allocate inventory to a specific sales order? For example, let's say we have 90 items in stock. Customer 1 orders 100 items. This allocates all 90 items to their order, and they have a back order for the remaining 10 items which could

    • Introducing Workqueue: your all-in-one view to manage daily work

      Hello all, We’re excited to introduce a major productivity boost to your CRM experience: Workqueue, a dynamic, all-in-one workspace that brings every important sales activity, approval, and follow-up right to your fingertips. What is Workqueue? Sales

    • Zoho Inventory. Preventing Negative Stock in Sales Orders – Best Practices?

      Dear Zoho Inventory Community, We’re a small business using Zoho Inventory with a team of sales managers. Unfortunately, some employees occasionally overlook stock levels during order processing, leading to negative inventory issues. Is there a way to

    • Automation #10 - Auto Assign Ticket based on Keywords

      This is a monthly series designed to help you get the best out of Desk. We take our cue from what's being discussed or asked about the most in our community. Then we find the right use cases that specifically highlight solutions, ideas and tips on optimizing

    • Next Page