2FA: A Simple Step, a Huge Impact on Your Business Security

Contributed by Yasuko Komiyama, Zimbra Senior Sales Engineer

Co-edited by: Karyn Tan, Senior Manager in Marketing

Imagine a world where every piece of your business’s sensitive data was as public as a viral social media video. A world where hackers could easily access and exploit information meant to be confidential. That is the reality without the right security measures. 

Businesses, especially smaller ones, may prioritize other aspects of their operations, such as growth and profitability, over investing in robust security measures. This negligence can create significant vulnerabilities. 

Example of Two-Factor Authentication (image: how 2FA works)

2FA is like a digital fortress that shields your customers’ information. It is a small investment in technology, but a big step towards building trust and loyalty.

In the context of security, Two-Factor Authentication (2FA) is a key feature.

Did You Know?

You can use email as an additional factor in 2FA

Starting with the Daffodil release of Zimbra (version 10.1), users can use their recovery email address, as well as an authenticator app, as an additional factor in the multi-factor authentication process. Admins still have full control: they can enforce both two-factor authentication methods, which lets users switch between email and an authenticator app as their second factor.

There is a general trend of growing distrust of third-party authenticator apps, such as those created and managed by Microsoft and Google, and some organizations want to reduce their dependency on third-party apps. This is where the email method comes in handy, as a replacement for the authenticator-app method.

Alternative way to use 2FA: verification code via email

Image: how a user can still log in securely after losing their phone

If an end user loses their smartphone after 2FA has been enabled, there is still a secure alternative: log in with a verification code sent by email (the authenticator app can be configured again later).

In this blog, we share how you can set up 2FA from these two perspectives:

End User  

  • 2FA with email
  • 2FA with an authenticator app
  • Change preferred 2FA method
  • Remove 2FA method

Administrator  

  • Enable 2FA on the default class of service

For end users 

Employees can easily activate 2FA through their email settings. 

To enable 2FA with email, you will need:

  1. access to your Zimbra account, and
  2. a second email address.

STEPS TO ENABLE 2FA WITH EMAIL 

Step 1. In Zimbra, click the gear menu.

Step 2. Choose Settings > Accounts.

Step 3. Select your account and click the “Set up this method” button next to “By email to password recovery address”.

Step 4. Enter your other email address to which a verification code will be sent. 

Screenshot: 2FA setup by email

Step 5. Enter your Zimbra password.

Step 6. A verification code is sent to that address.

Step 7. Enter the verification code. Click Verify to complete 2FA setup.

Screenshot: verifying the recovery email address

If you do not receive the verification code, click “Resend code”.

Step 8. Success. You enabled 2FA via email for your Zimbra account!

Note: If you have already set a recovery email address, at Step 4 you will see the following dialog instead of the usual prompt for the second email address.

Screenshot: the window that appears if you have already set a recovery email address

STEPS TO ENABLE 2FA WITH AUTHENTICATOR APPS

You can also set up 2FA with an authenticator app.

Step 1. In Zimbra, click the gear menu.

Step 2. Choose Settings > Accounts.

Step 3. Select your account and click the “Set up this method” button next to “Third-party authentication app”.

Screenshot: user interface for setting up 2FA with an authenticator app

Step 4. Enter your Zimbra password.

The next steps require your smartphone.

Step 5. Click the URL to see the authenticator apps available for your smartphone. Download and install one on your smartphone. Click Next.

Screenshot: where to find and install the authenticator app

Step 6. Scan the code on the screen with the authenticator app on your smartphone, or type in the key. Click Next.

Step 7. Enter the code provided on your smartphone. Click Verify to complete 2FA setup.

Screenshot: the authentication code field

Step 8. Success. You enabled 2FA with an authenticator app for your Zimbra account!
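The six-digit code the authenticator app shows in Step 7 is not random: it is derived from the shared key you scanned or typed in Step 6 and the current time, following RFC 6238 (TOTP). The Python below is an added example, not Zimbra code, that reproduces that calculation and a verifier-side check with a small clock-drift window. The key and the expected codes are the RFC’s own published test vectors, not a Zimbra-issued key; the 30-second step and six digits are the RFC defaults that common authenticator apps use, and whether Zimbra uses exactly those parameters is not stated on this page.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 test secret (ASCII "12345678901234567890"), base32-encoded the way an
# authenticator app expects a typed key. Constructed for the demo, not a Zimbra key.
RFC6238_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, at: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """Return the TOTP code for a base32 shared key at Unix time `at` (RFC 6238, HMAC-SHA1)."""
    key_text = secret_b32.strip().replace(" ", "").upper()
    key_text += "=" * (-len(key_text) % 8)          # tolerate keys displayed without padding
    key = base64.b32decode(key_text)
    counter = (int(time.time()) if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, submitted: str, at: int, window: int = 1, step: int = 30) -> bool:
    """Verifier-side check: accept the code for the current step or up to `window`
    steps on either side, so a phone clock that drifts a few seconds still works.
    The comparison is constant-time so the check does not leak which digits matched."""
    for k in range(-window, window + 1):
        if hmac.compare_digest(totp(secret_b32, at + k * step, step), submitted):
            return True
    return False


if __name__ == "__main__":
    # The RFC's SHA-1 vectors are 8 digits; the last six are what a 6-digit app displays.
    for t, expected in ((59, "94287082"), (1111111109, "07081804"), (1234567890, "89005924")):
        print(t, totp(RFC6238_SECRET_B32, t, digits=8), "expected", expected)
    print("code right now:", totp(RFC6238_SECRET_B32))
```

Two things follow from the code that matter for the procedure above: the key is the whole secret, so losing the phone means losing the key (hence the email method and the one-time codes described later), and a code is only valid for its 30-second step plus the small window the verifier allows, so a phone with a badly drifting clock will produce codes that are rejected.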

Using a code from a different method

When you have configured more than one method, at login you are prompted for a new code from your preferred method (authenticator app or email). To use the other method instead:

Step 1. Click “Use other method” to change the method.

Screenshot: choosing “Use Other Method”

Step 2. Choose a method. 

Screenshot: the “Choose a method” screen

To change the preferred method

Step 1. In Zimbra, click the gear menu.

Step 2. Choose Settings > Accounts.

Step 3. Select your account.

Step 4. Select the radio button of the method you want under “Preferred” and click Save.

Screenshot: changing the preferred method

To remove a method

  1. In Zimbra, click the gear menu.
  2. Choose Settings > Accounts.
  3. Select your account.
  4. Click “Remove this method” and confirm.

Screenshot: removing a 2FA method

Note: When 2FA is enforced in the settings (zimbraFeatureTwoFactorAuthRequired set to TRUE), you can remove one of the two methods but not both (the “Remove this method” button is grayed out).

Screenshot: the settings screen when 2FA is enforced

Note: You can use one-time codes if you do not have your phone or your other email address is not reachable. Click the “10 unused codes” link and print the 10 codes.

Screenshot: where to find the ten unused codes

Keep the codes handy so they are available when you need them, and keep the printout somewhere secure: each code is accepted once in place of your second factor, so anyone who holds the list can use it.

Screenshot: the one-time unused codes

The number of “unused codes” counts down each time you use one. When you run out of unused codes, click “Generate new codes” to generate another 10.

Screenshot: unused codes at zero

Screenshot: the “Generate new codes” button

Note: If you do not see the “Two-factor authentication” section in your Settings, your organization has not enabled the 2FA feature. Contact your system administrator or email service provider for more information.

For administrators 

To enable two-factor authentication on the default class of service, run the following from the command line as the zimbra user:

zmprov mc default zimbraFeatureTwoFactorAuthAvailable TRUE

To allow a single method, run one of the following (each sets the attribute to that one value):

zmprov mc default zimbraTwoFactorAuthMethodAllowed app
zmprov mc default zimbraTwoFactorAuthMethodAllowed email

To allow both methods (the leading + adds a value to the multi-valued attribute instead of replacing it):

zmprov mc default +zimbraTwoFactorAuthMethodAllowed app\
+zimbraTwoFactorAuthMethodAllowed email


You can also enable two-factor authentication from the admin console web UI: go to Configure -> Class of Service -> default -> Advanced and check Enable two-factor authentication. Under Available two-factor methods, check Authenticator app and/or Email. Do not forget to click Save.

Screenshot: the Zimbra administrator’s Class of Service view

Repeat these steps for all Classes of Service where you want to enable 2FA. 
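Repeating the steps by hand for every class of service is easy to get wrong, and nothing in the console tells you which CoS you missed. The Python below is an added example, not Zimbra’s own tooling, that audits every CoS and prints the zmprov commands from this page that would bring it into line, without running anything unless asked. It assumes it runs as the zimbra user on a mailbox host, that `zmprov gac` lists one CoS name per line, and that `zmprov gc <cos> <attr>...` prints the requested attributes one per line as `name: value` (a multi-valued attribute once per value). The sample output it is tested against is constructed here, not captured from a real server.

```python
import shlex
import subprocess
from typing import Callable, Dict, List

# The three CoS attributes this page uses.
ATTRS = (
    "zimbraFeatureTwoFactorAuthAvailable",
    "zimbraTwoFactorAuthMethodAllowed",
    "zimbraFeatureTwoFactorAuthRequired",
)


def parse_cos_attrs(output: str) -> Dict[str, List[str]]:
    """Collect the values of ATTRS from `zmprov gc <cos> ...` output."""
    attrs: Dict[str, List[str]] = {name: [] for name in ATTRS}
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):        # skip the "# name <cos>" header
            continue
        name, sep, value = line.partition(":")
        if sep and name.strip() in attrs:
            attrs[name.strip()].append(value.strip())
    return attrs


def plan_changes(cos: str, attrs: Dict[str, List[str]], methods=("app", "email")) -> List[str]:
    """Return the zmprov commands needed so that `cos` offers 2FA with every method in
    `methods` (the same commands shown on this page). A compliant CoS yields []."""
    cmds: List[str] = []
    q = shlex.quote(cos)
    if attrs["zimbraFeatureTwoFactorAuthAvailable"] != ["TRUE"]:
        cmds.append(f"zmprov mc {q} zimbraFeatureTwoFactorAuthAvailable TRUE")
    missing = [m for m in methods if m not in attrs["zimbraTwoFactorAuthMethodAllowed"]]
    if missing:
        # "+attr value" appends to a multi-valued attribute instead of replacing it
        adds = " ".join(f"+zimbraTwoFactorAuthMethodAllowed {m}" for m in missing)
        cmds.append(f"zmprov mc {q} {adds}")
    return cmds


def audit(run_cmd: Callable[[List[str]], str], apply: bool = False) -> Dict[str, List[str]]:
    """Enumerate every CoS, read its 2FA attributes, and return {cos: [commands]} for the
    ones that need changes. Commands run only when apply=True. `run_cmd(argv) -> str`
    abstracts the shell so the logic can be exercised offline."""
    plan: Dict[str, List[str]] = {}
    for cos in (c.strip() for c in run_cmd(["zmprov", "gac"]).splitlines() if c.strip()):
        attrs = parse_cos_attrs(run_cmd(["zmprov", "gc", cos, *ATTRS]))
        cmds = plan_changes(cos, attrs)
        if cmds:
            plan[cos] = cmds
            if apply:
                for c in cmds:
                    run_cmd(shlex.split(c))
    return plan


def zimbra_shell(argv: List[str]) -> str:
    """Real runner (assumed to execute as the zimbra user on a mailbox host)."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout


# Constructed sample output standing in for a live server: "default" has 2FA off,
# "staff" is already fully configured.
SAMPLE = {
    ("zmprov", "gac"): "default\nstaff\n",
    ("zmprov", "gc", "default", *ATTRS): (
        "# name default\n"
        "zimbraFeatureTwoFactorAuthAvailable: FALSE\n"
        "zimbraFeatureTwoFactorAuthRequired: FALSE\n"
    ),
    ("zmprov", "gc", "staff", *ATTRS): (
        "# name staff\n"
        "zimbraFeatureTwoFactorAuthAvailable: TRUE\n"
        "zimbraTwoFactorAuthMethodAllowed: app\n"
        "zimbraTwoFactorAuthMethodAllowed: email\n"
        "zimbraFeatureTwoFactorAuthRequired: FALSE\n"
    ),
}


def sample_shell(argv: List[str]) -> str:
    return SAMPLE[tuple(argv)]


if __name__ == "__main__":
    # Dry run against the constructed sample; pass zimbra_shell instead on a real host,
    # and apply=True only once the printed plan looks right.
    for cos, cmds in audit(sample_shell).items():
        print(cos)
        for c in cmds:
            print("   ", c)
```

The dry run is deliberate: it gives you a reviewable list of changes per CoS before anything is modified, and the same parser can be pointed at a single CoS with `zmprov gc` output if you only want to confirm one.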

Admins can manage each user’s current 2FA configuration: go to Manage -> Accounts -> [user] -> Advanced and check the values in the Two Factor Authentication section.

Click the “Disable” link to reset the current configuration of the “Authenticator app” or “Email” method on behalf of the end user.

Screenshot: the Zimbra administrator’s account view

Note: When your administrator has reset both methods, make sure the zimbraFeatureTwoFactorAuthRequired attribute is set to FALSE.

Add 2FA to Your Onboarding Checklist 

By making 2FA part of the onboarding process, you can guarantee that every new employee has the knowledge and skills to protect their company’s data from unauthorized access.

You are not only protecting your customers’ data but also safeguarding your reputation and mitigating the risk of costly data breaches.  

Don’t wait for a crisis to strike. Take proactive steps to protect your business and your customers by adopting 2FA as a standard security practice. 


Copyright © 2022 Zimbra, Inc. All rights reserved.
