Two-factor authentication (2FA) is implemented in webmail to protect your account and email from abuse. Here, the first authentication factor is your password, and the second is an authentication code generated by an Authenticator App. Before proceeding, download an Authenticator App.
Some of the authenticator Apps are
Please note the following important points.
- Before enabling 2FA, you should have your authenticator app ready to get the authentication code. Without this you will not be able to log in.
- You can log in to your account with single-factor authentication (SFA) using webmail1 from IITK LAN.
- Important: If you lose your account data from the authenticator app, you will be unable to log in. Contact the mail help desk. Do not share the App secret code with anyone.
- If you have multiple accounts, scan each account's QR codes separately.
Follow the screenshot below (Figure 1.3.14) after logging in to your account.
Figure 1.3.14: Enabling 2FA after first login
Please note the green numbering in the above figure, and the explanation of each point is given below.
- Go to settings.
- Click on 2-Factor Authentication.
- Click on "Fill all fields (make sure you click save to store your settings)".
After following all three steps above, the 2FA secret key and associated data are generated. Follow the sequence of steps highlighted in Figure 1.3.15.
The numbers highlighted green in the above screenshot are explained below.
- Ensure the Authenticator App is installed. For example, if you are using Google Authenticator, open the app and register with a Google account. Click on the Plus (+) sign on the bottom right of the screen.
- Scan the QR code in the Google Authenticator App.
- Enter the 6-digit code from the Google Authenticator App and click on "Check Code"; it must succeed. If it does not, do not regenerate the QR code before saving. Check your system time and fix it to match the current time.
- Save the data previously generated.
- This is an optional but recommended step. These are four recovery keys to use as OTPs when you cannot access your phone. You can keep them stored in a password manager for safekeeping. Once you use a key, it cannot be used again. Deactivate and activate the plug-in (step 6) to generate a set of recovery keys along with a new QR code (scan it again with the Authenticator App).
- Click on this box to activate 2FA.
- When you do not want to scan the QR code in the Authenticator App, use this secret. IMPORTANT: Keep this secret code and QR code hidden, and do not share them with anyone. If someone gets hold of this code, they will have access to the 2FA code.
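Why the "Check Code" step depends on the system time, and why the secret must stay hidden, shown as an added example (not part of the original guide or the webmail's own code): the 6-digit code is derived only from the secret and the current time. The sketch assumes the standard TOTP parameters used by Google Authenticator (RFC 6238, HMAC-SHA1, 30-second step) and a hypothetical server tolerance of one step either side; the secret is a constructed sample.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 6238 test key in base32), not a real account secret.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """Return the code an authenticator app shows for this secret at unix_time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", int(unix_time) // step)      # 30-second time slot
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, server_time, window=1, step=30):
    """Server-side check. window=1 (assumed) accepts the previous, current and next slot."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * step, step)
        if hmac.compare_digest(expected, code):
            return True
    return False


def phone_code_accepted(secret_b32, server_time, phone_clock_error):
    """Would a code from a phone whose clock is off by phone_clock_error seconds pass?"""
    phone_code = totp(secret_b32, server_time + phone_clock_error)
    return verify(secret_b32, phone_code, server_time)


if __name__ == "__main__":
    now = 59  # constructed timestamp matching the RFC test vector
    print("code at server time:", totp(SAMPLE_SECRET, now))
    for error in (0, 30, 180):
        ok = phone_code_accepted(SAMPLE_SECRET, now, error)
        print(f"phone clock off by {error:>3}s -> accepted: {ok}")
```

Anyone who holds the secret can run the same computation, which is why the QR code and secret must not be shared.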
For iOS, you can use the following steps to download and use the authenticator app.
- Open Apple “App Store”
- Search for “Authenticator”
- Download Google, Microsoft or Zoho Authenticator.
- Click on “Add New” to link your 2FA account
- Add the 32-digit secret key manually or scan the QR code.
- The linked account will display a 6-digit PIN to access your Webmail.