Mobile-based OTP | MFA - Zoho Accounts

SMS-based OTP

If you've set up SMS-based OTP as your multi-factor authentication (MFA) mode for your Zoho account, you will need to verify yourself during sign-in using a one-time password (OTP) sent to your registered mobile number.

How to set up SMS-based OTP for MFA?

You can set up SMS-based OTP by configuring a mobile number as the MFA mobile number. You can either add a new number as the MFA mobile number or configure a number that is already added as a recovery number to your account.

However, if a recovery number is changed as MFA mobile number, then it cannot be used for account recovery anymore. You will have to add another recovery number.
Note: For users who registered after January 1, 2024, SMS-based OTP won't be provided as an MFA option. This is due to the susceptibilty of SMS-based OTP  to various security threats like phishing, SS7 and SIM swapping attacks.

Steps to configure MFA number:
  1. Sign in at accounts.zoho.com.
  2. Click Multi-Factor Authentication in the left menu.
  3. Click Set up Now under SMS-based OTP.
  4. To set a new number as MFA number:
    1. Enter the mobile number, then click Next. An OTP will be sent to the entered mobile number.
    2. Enter the received OTP, then click Verify.
  5. To set an already added recovery number as MFA number:
    1. Click Choose from already added numbers.
    2. Select the required number from the list of added numbers.
    3. Click Add.
Info: Once you have configured an MFA mode for your account, make sure to generate backup verification codes. These codes will help you recover your account if you lose access to your mobile number and can't sign in.

How to set SMS-based OTP as primary MFA mode?

If you have configured multiple MFA modes for your account, you can set one of them as your primary MFA mode. When you try to sign in, your primary mode will be the default mode for authentication.

To set SMS-based OTP as the primary MFA mode:
  1. Sign in at accounts.zoho.com.
  2. Click Multi-Factor Authentication in the left menu.
  3. Click MAKE PRIMARY next to SMS-based OTP.
  4. Click Confirm.

How to sign in using SMS-based OTP?

If SMS-based OTP is your primary MFA mode, follow the steps to sign in:
  1. Go to the Zoho sign-in page.
  2. Enter your email address, then click NEXT.
  3. Enter your password, then click SIGN IN.
  4. Enter the OTP sent to your mobile number, then click VERIFY.
If you have set up multi-mode MFA with another MFA mode as your primary mode, see how to sign in using SMS-based OTP.
Note: If you are using a mail client, you may have issues signing in to it once you enable MFA (in most cases, "incorrect password" error will shown). This is because your mail client doesn't support MFA. In that case, you can use application-specific passwords to bypass MFA and sign in to your mail client.

How to recover account if mobile number is not accessible?

If you can't sign in to your account due to issues with your mobile number, then you can recover access to your account using your previously generated backup verification codes.

See how to use backup codes to recover your account. Once you get access, make sure to re-configure a different mobile number for SMS-based OTP or a different MFA mode.

If you haven't generated backup codes previously or lost them, then contact our support team at support@zohoaccounts.com. After verifying your identity, you will be provided with a backup code to sign in to your account.
  1. How to use application passwords for mail clients
  2. How to disable/re-enable MFA
  3. MFA: Frequently asked questions
  4. MFA: Troubleshooting