Two-factor authentication, commonly abbreviated 2FA, is a technology that identifies users by combining two different components. It adds an extra step to your basic log-in procedure. Without 2FA, only a username and password are required for login. The second factor adds more security to your account. 2FA requires the user to have two out of three types of credentials before being able to access an account. The three types are:
- Something you know, such as a personal identification number (PIN), password or a pattern
- Something you have, such as an ATM card, smartphone, or USB-key
- Something you are, such as a biometric like a fingerprint or voice print
You are already using 2FA in your daily life, perhaps without knowing that it is called 2FA. Paying online with a credit/debit card requires the card details as well as an OTP that arrives on your smartphone for authentication. That is 2FA: one factor is the card details, which you know, and the other is the smartphone authentication, which you possess.
Zimbra Collaboration Two-Factor Authentication
The use of two-factor authentication to prove your users' identity is based on the premise that an unauthorized actor is unlikely to be able to supply both factors required for access. If, in an authentication attempt, at least one of the components is missing or incorrect, the user's identity is not established with sufficient certainty, and access to the user's Zimbra mailbox protected by two-factor authentication remains blocked.
The two-factor authentication feature must be enabled in the Admin Console, and it can be enabled at User or Class-of-service level. This allows precise control over users' security: you can enable the feature just for the most critical mailboxes in the environment, for all users, etc.
To enable it in the Admin Console: Home > Configure > Class of service > yourCOSname > Advanced > Two Factor Authentication
Use the check-boxes to:
- Enable two-factor authentication: enable or disable the two-factor authentication feature. Users will have to set up two-factor authentication in the Web Client after it is enabled.
- Require two-step authentication: all users will need to configure 2FA
- Number of one-time codes to generate (per user)
- Enable application passcodes: for legacy applications that don't support 2FA. You can generate exception codes for them.
Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person's personal data or identity. This can reduce phishing attacks, as cyber criminals would need more than just a user's name and password details.