description |
---|
Secure your account with two factor authentication. |
Because Rocket.Chat can be used extensively on multiple platforms, there is a risk of exposing your account details. Rocket.Chat two-factor authentication (2FA) provides additional protection for workspace users by requiring them to provide two forms of authentication before accessing their accounts.
With 2FA enabled, a Rocket.Chat user is required to enter not only their username and password but also a one-time code generated by an authentication app, such as Google Authenticator, when logging into their account. This code is unique to each login attempt and provides an extra layer of security, as it cannot be reused or guessed.
{% hint style="info" %} By default, 2FA is enabled with the email you used for signing up on the server. {% endhint %}
To use 2FA, the Rocket.Chat workspace administrator must turn on the Two Factor Authentication feature.
{% hint style="info" %} Before beginning the setup, download any available Authenticator app of your choice. Some popular Authenticators include Google Authenticator, Authy, and Duo. {% endhint %}
To enable 2FA on your account:
- Click your avatar and select My Account.
- Navigate to Security > Two Factor Authentication.
- Click Enable two-factor authentication via TOTP.
- Scan the QR code provided with your Authenticator app, or set it up manually using the authentication keys.
- Add the code generated by the Authenticator app (`Rocket.Chat: <username>`) and click Verify.
- A list of backup codes is provided. Save them securely in case you lose access to your Authenticator app.

Now, the 2FA setup is completed.
{% hint style="info" %}
- TOTP is a Time-based One-Time Password. It is a very common form of 2FA.
- TOTP works by generating a unique numeric password with a standardized algorithm. Time-based passwords are available, user-friendly, and provide increased account security when used as a second factor.
{% endhint %}
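
The TOTP generation and check described above, as an added example (not Rocket.Chat's own code): RFC 6238 with the settings authenticator apps commonly default to (HMAC-SHA-1, 30-second step, 6 digits), plus a verifier that tolerates one step of clock drift and refuses a code from a step that was already accepted. The function names, the `lastStep` and `window` parameters, and the sample key (the published RFC 6238 test key, not a real secret) are assumptions for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890".
const SAMPLE_KEY_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";

// Decode the Base32 authentication key (the manual-setup alternative to the QR code).
function base32Decode(s) {
  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
  let bits = 0, value = 0; const out = [];
  for (const ch of s.toUpperCase().replace(/[\s=]/g, "")) {
    const idx = alphabet.indexOf(ch);
    if (idx < 0) throw new Error("invalid Base32 character");
    value = ((value << 5) | idx) & 0xfff; // keep only the bits still needed
    bits += 5;
    if (bits >= 8) { bits -= 8; out.push((value >>> bits) & 0xff); }
  }
  return Buffer.from(out);
}

// HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, then dynamic truncation.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac("sha1", key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// TOTP (RFC 6238): the counter is the number of time steps since the Unix epoch.
function totp(key, unixSeconds, step = 30) {
  return hotp(key, Math.floor(unixSeconds / step));
}

// Accept codes within +/- `window` steps of server time, but never a step at or
// before `lastStep` (replay protection). Returns the matched step, or null.
function verifyTotp(key, code, unixSeconds, lastStep = -1, window = 1, step = 30) {
  const now = Math.floor(unixSeconds / step);
  const given = Buffer.from(String(code));
  for (let c = Math.max(0, now - window); c <= now + window; c++) {
    if (c <= lastStep) continue;
    const expected = Buffer.from(hotp(key, c));
    if (given.length === expected.length && crypto.timingSafeEqual(given, expected)) return c;
  }
  return null;
}
```

A server would store the returned step per user and pass it back as `lastStep` on the next login, which is what makes a captured code useless once it has been accepted.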