Multi-Factor Authentication is used as an extra layer of security while signing in to your account. When you enable MFA, all your future sign-ins will require you to verify your identity to ensure that your account isn't accessed by unknown users. You can do this by enabling an MFA mode for your account.
MFA modes
Zoho provides four MFA modes to choose from:
1.) OneAuth
OneAuth is an industry-standard multi-factor authentication app built by Zoho. It works on a PC with no smartphone required. It offers the following features:
- MFA for multiple Zoho accounts
- Passwordless sign-in
- Mobile SSO
- OTP authenticator for non-Zoho accounts
- Easy backup and recovery
To download OneAuth, please
2.) OTP Authenticator
An OTP authenticator generates unique codes in fixed time intervals. When you set an OTP authenticator as your MFA mode, you can use the OTP shown in the authenticator app to verify your identity during sign-in.
3.) Security Key
A security key is a hardware device which can be inserted into your computer or laptop. When you configure a security key for your account and set it as your MFA mode, you can insert it to verify your identity during sign-in.
4.) Google Authenticator
Google Authenticator adds an extra layer of security to your online accounts by adding a second step of verification when you sign in.
Multi-mode MFA
You can configure multi-mode MFA by configuring at least two MFA modes for your account. With multi-mode MFA, you will have the flexibility to choose between different modes when you want to sign in to your account. You can set one of the modes as the primary MFA mode, and it will be the default mode when you try to sign in. You can choose the other modes to sign in if your primary mode is not currently available. See how to sign in using multi-mode MFA.
MFA and third party mail clients
If you are using your Zoho account in any third-party mail client, such as Outlook or Thunderbird, you may encounter issues signing in to the app if it doesn't support multi-factor authentication (this often results in an "incorrect password" error). This is because entering only your username and password in your client will not allow you to sign in, as MFA verification cannot be done.
In such cases, you can generate application-specific passwords in Zoho and use them to sign in to your mail client. These application-specific passwords allow you to bypass MFA verification and let you sign in to the client with just your username and this application-specific password.
MFA Lifetime
Normally, you will need to verify your identity using your MFA mode every time you sign in to your account. However, if you are signing in often from a trusted computer (such as your personal computer), you can avoid verifying through MFA by trusting your browser. By default, the MFA lifetime for a trusted browser (i.e., the duration you won't be asked for MFA) is 180 days. However, if you are part of an organization, your administrator may reduce the number of days or even restrict trusting a browser altogether by enforcing security policies.