Activating two-factor authentication
Before activating the 2FA, it’s needed to install a TOTP application to Your smartphone, for example Google Authenticator for IOS or Android.
The 2FA can be enabled in the webmail from Settings -> 2 FACTOR AUTH -> Enable two factor authentication.
Then scan the displayed QR code with the camera of Your smartphone and add the token to the application. A 6-digit confirmation code is displayed after adding the token, which has to be inserted to the respective text box in the webmail window.
2FA is activated only if the confirmation code is correct.
For an IOS device, just pointing the camera to the QR code is enough, but an Android device could need a separate QR code scanner.
After activating the 2FA, both webmail and ZoneCloud will start asking the TOTP code besides the password. Also, it’s not possible to use the old password anymore with IMAP, POP3, SMTP and ZoneCloud client.
The TOTP code is a 6-digit number, which can be found from the TOTP application (Google Authenticator). The TOTP code changes continuosly and every login it’s different.
In order to continue using IMAP, POP3 or SMTP, it’s needed to generate an application password, which can be done from the webmail. It’s suggested to use one password only on a single application or device.
ZoneCloud
To log in with a ZoneCloud client after activating the 2FA, a separate application password must be created in the ZoneCloud web platform. The same 2FA TOTP code that is used for logging in webmail is also suitable for ZoneCloud web.
When logged in, click on the e-mail address in the upper right corner of the web page and choose Settings -> Security -> under App passwords / tokens, insert the applications name and click Create new app passcode. The displayed password insert to the ZoneCloud application password box.
Deactivating two-factor authentication
For deactivating the 2FA in the webmail, go to Settings -> 2 FACTOR AUTH -> “Disable two factor authentication”.
How secure is the application password?
The application password is a 16-character long generated unique password which is displayed only once and is meant to be inserted to a specific application without saving it elsewhere. Due to secure connection to the mail server over SSL/TLS, it’s not possible to extract the password.
What happens when a 2FA device gets lost?
It’s possible to deactivate the 2FA in the web hosting management under E-mail -> Mailboxes by pressing the red X mark next to “Two factor authentication: Enabled”