Deprecation of SMS-based multi-factor authentication (MFA) mode

Deprecation of SMS-based multi-factor authentication (MFA) mode

Overview of SMS-based OTP MFA mode 

The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account.

SMS-based OTPs offer convenience due to their accessibility; nearly everyone possesses a mobile phone and SMS-based OTPs arrive quickly, allowing for easy and secure authentication.

However, there are some other considerations and security risks that make the SMS-based OTP one of the least preferable options for multi-factor authentication. Hence, we’ve decided to deprecate it as an MFA mode.

Reasons for deprecation 

SMS-based OTPs are susceptible to various attacks, including phishing, SIM swapping, and signaling system 7.

Phishing attack: Scammers send fake messages with links to websites that resemble our sign-in page. For example:
They trick you into entering your login details and OTPs. If you do, scammers can access your account, putting your personal information and security at risk.

SIM swapping: By knowing your phone number, a scammer can contact your telecom provider's customer service and request to transfer your phone number to a new SIM card, giving them access to your accounts and personal data without your consent.

Signaling system 7 attack: A hacker can spy on you via the cell phone signaling system, where they can listen to calls, intercept text messages, and track your phone's location, leading to serious security risks.

Considering the security threats in SMS-based OTPs and the guidelines on implementing phishing-resistant MFA given by the Cybersecurity & Infrastructure Security Agency (CISA) of the United States government, we deprecated the SMS-based OTP MFA mode.

➤ Current status
     Deprecation of SMS-based OTP MFA mode for all users who signed up after January 1, 2024.

➤ Upcoming plan
     Migration of existing users and organizations currently enforcing SMS-based OTP MFA to alternate MFA modes.  

Alternate MFA modes

If you’re an organization admin, you can set up a different MFA mode for your organization in the security policies. If you’re a personal user, you can go to the multi-factor authentication section at accounts.zoho.com and set up any of the MFA modes described below.
  • OneAuth (recommended)
    Zoho OneAuth is a multi-factor authentication app that you can use to secure your Zoho account as well as third-party accounts, including Google, Facebook, and Microsoft. With OneAuth, you can set up any of the three authentication modes: push notifications, time-based OTPs, and QR codes.

  • OTP authenticator
    OTP authenticators are apps you can use to set up MFA for your account. These apps generate new OTPs in duration you set, which you can use to sign in to your account.
    Learn how to set up an OTP authenticator.

  • Security key
    A security key is a hardware device that you link to your account to enable multi-factor authentication. Once linked, you'll need to use this key each time you sign in to verify your identity.
    Learn how to set up the security key.
If you have any questions, please write to us at support@zohoaccounts.com.


Update (December 26, 2025) - Announcement page to be shown for administrators

We’re adding a new announcement page during sign-in to help organization admins currently enforcing SMS-based OTP switch to more secure MFA modes. If you're an organization admin, you’ll be asked to update the organization's MFA method by selecting from alternatives such as OneAuth, OTP Authenticator, or Security Key. Please make sure to update your organization's security policy to stay protected and comply with the new MFA requirements.

This announcement will be in effect from 29th December, 2025 (Monday).


Info
Note: Other users who currently use SMS-based OTP will receive a corresponding announcement and guided flow soon. We will update in this post once it’s available. Users can also switch to a more secure MFA mode anytime from the Multi-factor Authentication section in the Accounts page (accounts.zoho.com).

If you have any questions, please write to us at support@zohoaccounts.com.



    • Sticky Posts

    • Deprecation of SMS-based multi-factor authentication (MFA) mode

      Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

    • Recent Topics

    • Is It Possible to Convert a Custom Module to a Quote?

      I recently created a custom module in our CRM environment for RFQs so that our sales team can submit quote requests directly in Zoho rather than by email/phone. This allows for a cleaner overall process, minimizing potential errors and potentially encouraging

    • using the Client script on the load of the form if service no is empty means then i want to make issue relate to is Service

      using the Client script on the load of the form if service no is empty means then i want to make issue relate to field is Service if Purchae no is empty means then i want to make issue relate to is Purchase

    • Changes to the send mail Deluge task in Zoho CRM

      Hello everyone, At Zoho, we continuously enhance our security measures to ensure a safer experience for all users. As part of our ongoing security enhancements, we're making an important update on using the send mail Deluge task in Zoho CRM. What's changing?

    • Zoho Desk API - Send Reply to CUSTOMERPORTAL

      Hello! I'll try to send a reply to Customer Portal, But the response is 500 (INTERNAL_SERVER_ERROR in service response). {"Error":"{\"errorCode\":\"INTERNAL_SERVER_ERROR\",\"message\":\"An internal server error occurred while performing this operation.\"}"}

    • Analytics : How to share to an external client ?

      We have a use case where a client wants a portal so that several of his users can view dashboards that we have created for them in Zoho Analytics. They are not part of our company or Zoho One account. The clients want the ability to have user specific,

    • Work Order wont mark as Completed

      I have a couple of work orders that won't mark as completed even when I've marked the Service Appointments as completed fully.

    • Item name special charaters <>

      Im trying to input speical characters such as < and > into item name and item description but comes up with following error: Invalid value passed for Item Name and Invalid value passed for Item Description How do i allow speical characters?

    • Zoho Analytics Dashboard - How to hide the user filter

      I am using the same dashboard template across different external clients and applying a user filter to the data by site URL. How can I hide the user filter in View Mode so the external client won't see the list of other clients in the drop-down menu?

    • Customer Parent Account or Sub-Customer Account

      Some of clients as they have 50 to 300 branches, they required separate account statement with outlet name and number; which means we have to open new account for each branch individually. However, the main issue is that, when they make a payment, they

    • Cannot get code to work with v2.mergeAndStore!

      Please can someone help me pass subform items into a repeating mail merge table row using v2.mergeAndStore? I have a mail merge template created in Writer and stored in Workdrive. This template is referenced by a custom CRM function which merges all of

    • Kaizen #229: Email-Deal Associations in Zoho CRM

      Hi All, Welcome back to another week of Kaizen! Emails are a core channel for customer communication in any CRM system. In Zoho CRM, emails can be associated with records across multiple modules. In this post, we will focus on email associations with

    • Deprecation of the Zoho OAuth connector

      Hello everyone, At Zoho, we continuously evaluate our integrations to ensure they meet the highest standards of security, reliability, and compliance. As part of these ongoing efforts, we've made the decision to deprecate the Zoho OAuth default connector

    • Action Required: Update Microsoft SQL Server Security Settings Before February 2026

      Dear Users, We recently deployed security updates in Zoho Analytics that inadvertently caused connection failures for a few customers using Microsoft (MS) SQL Server hosted on older Windows versions (Windows Server 2012, 2012 R2, and 2014). To restore

    • Contacts limit in basic vs standard - what counts? Are customers contacts?

      I’ve been using books for a number years for my small business. I only ever work with 20 clients at any given time. I do purchase services from a number of vendors to run my business, so there are some comtacts there too. I used to use the basic package,

    • Saving issue

      First problem I opened a MS word file in writer. after the work is done, it does not save instantly, I waited for like 10min and it still did not save. second problem When I save a file, then file gets saved as another copy. I just did save, not save

    • Automating Employee Birthday Notifications in Zoho Cliq

      Have you ever missed a birthday and felt like the office Grinch? Fear not, the Cliq Developer Platform has got your back! With Zoho Cliq's Schedulers, you can be the office party-cipant who never forgets a single cake, balloon, or awkward rendition of

    • Create Tasklist with Tasklist Template using API v3

      In the old API, we could mention the parameter 'task_template_id' when creating a tasklist via API to apply a tasklist template: https://www.zoho.com/projects/help/rest-api/tasklists-api.html#create-tasklist In API v3 there does not seem to be a way to

    • How to mix different types of inputs (such as dropdown list and textbox)

      Hi, I'm creating a form called "Room Reservations" for a company. I created a "table" using "Matrix Choice". I created "Room 1", "Room 2" and "Room 3" with the "Questions". I would then like to create two columns with the "Answers", one called "Department"

    • Ability to Set a Unified Tab Order/View for All Users in Zoho Projects

      Hello Zoho Projects Team, We hope you are doing well. We would like to submit a feature request regarding tab/menu organization in Zoho Projects. Current Behavior: The tab (module) order in Zoho Projects is user-specific. Each user (internal or external)

    • Layout Rules Don't Apply To Blueprints

      Hi Zoho the conditional layout rules for fields and making fields required don't work well with with Blueprints if those same fields are called DURING a Blueprint. Example. I have field A that is used in layout rule. If value of field A is "1" it is supposed to show and make required field B. If the value to field A is "2" it is supposed to show and make required field C. Now I have a Blueprint that says when last stage moves to "Closed," during the transition, the agent must fill out field A. Now

    • Task Order

      Hello! I've recently switched to Zoho Projects and a long time user of MS Project, Asana and LiquidPlanner (which has recently been purchased) and I'm running into a frustration I'm hoping someone can assist with. It has to do with how tasks are ordered

    • Automating CRM backup storage?

      Hi there, We've recently set up automatic backups for our Zoho CRM account. We were hoping that the backup functionality would not require any manual work on our end, but it seems that we are always required to download the backups ourselves, store them,

    • Zoho Books | Product updates | January 2026

      Hello users, We’ve rolled out new features and enhancements in Zoho Books. From e-filing Form 1099 directly with the IRS to corporation tax support, explore the updates designed to enhance your bookkeeping experience. E-File Form 1099 Directly With the

    • 2026 Product Roadmap and Upcoming Features

      This is your guide to what is coming in Zoho Vertical Studio throughout 2026. We’ll update this post throughout the year as items move from development to release, and as and when new initiatives are added. Once a feature is released, it will be reflected

    • Vendor legal and DBA names for USA users

      I would like to hear how Zoho Books users are handling DBA names in the vendor profile. If the Company name in the vendor profile has to be the legal name (line 1 of the W-9), whare are you entering the DBA name (the name that checks are made out to)

    • Zoho Books API invoice email bouncing with 'relaying-issues' error

      I have waited over 30 days for zoho books uk to assist with the following and i have had no replies or tickets erronously closed. The service has been terrible - very unlike zoho! So i am raising this here hoping that a community member can assist: Hello,

    • Stop the Workarounds: We Need Native Multi-Step Forms

      After over 17 years of community requests, I'm hoping the Zoho team can finally address the lack of native multi-page form support in Zoho Creator. This has been one of the longest-standing feature requests in the community, with threads spanning nearly

    • Product Updates in Zoho Workplace applications | January 2026

      Hello Workplace Community, Let’s take a look at the new features and enhancements that went live across all Workplace applications for the month of January. Zoho Mail Zoho People Notifications preview in Zoho Mail Notification emails from Zoho People

    • How do i setup default values for few fields

      We have few fields in CRM like rate of return, type etc - they can be picklist and standard inut fields. picklist we have choice to set default value. but how do we default some value in input type of fields?

    • We know the company but not the contact

      We are fairly new to Zoho, part of our marketing stack is we use products like lead feeder to identify which companies are visiting our site. We are able to match this data to salesiq but cannot find a way to add a company name to the salesiq visitor

    • Sort Legend & stacked bar chart by value

      I'd love to see an option added to sort the legend of graphs by the value that is being represented. This way the items with the largest value in the graph are displayed top down in the legend. For example, let's say I have a large sales team and I create

    • Customize Calendar view in Teamspaces Settings

      Right now every customization that happens inside of the calendar view inside of CRM is only visible for the specific user. We want to be able to set up calendar views as an admin for specific roles. I would suggest to do that inside of the settings of

    • How to filter subform report based upon main form report in dashboard

      Hi Team, I am creating a dashboard in Zoho Analytics. I want to have a main form report and below I want to show subform report of main form. If I filter the main form with date then I want to show subform records based upon main form. how can I achieve

    • using the Client script I want to Hide Show the Fields

      if Related to service means some of the field like service no want to shoe and hide Amc no , purchase no how i achive this let issu = ZDK.Page.getField('Issue_Related_To').getValue(); if (issu == 'Service') { var field_obj = ZDK.Page.getField('Warranty_Cases');

    • From Zoho CRM to Paper : Design & Print Data Directly using Canvas Print View

      Hello Everyone, We are excited to announce a new addition to your Canvas in Zoho CRM - Print View. Canvas print view helps you transform your custom CRM layouts into print-ready documents, so you can bring your digital data to the physical world with

    • Ask the Expert – Zoho One Admin Track : une session dédiée aux administrateurs Zoho One

      Vous administrez Zoho One et vous vous posez des questions sur la configuration, la gestion des utilisateurs, la sécurité ou encore l’optimisation de votre back-office ? Bonne nouvelle : une session Ask the Expert – Zoho One Admin Track arrive bientôt,

    • Kanban view on Zoho CRM mobile app!

      What is Kanban? The name doesn't sound English, right? Yes, Kanban is a Japanese word which means 'Card you can see'. As per the meaning, Kanban in CRM is a type of list view in which the records will be displayed in cards and categorized under the given

    • How can Data Enrichment be automatically triggered when a new Lead is created in Zoho CRM?

      Hi, I have a pipeline where a Lead is created automatically through the Zoho API and I've been trying to look for a way to automatically apply Data Enrichment on this created lead. 1) I did not find any way to do this through the Zoho API; it seems like

    • Write-Off multiple invoices and tax calculation

      Good evening, I have many invoices which are long overdue and I do not expect them to be paid. I believe I should write them off. I did some tests and I have some questions:  - I cannot find a way to write off several invoices together. How can I do that,

    • Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

      Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

    • Next Page