Setting up 2-factor authentication (or 2FA) provides a second line of defense. If your password is compromised, your account is still protected. There are multiple kinds of 2FA, and some are better than others: text or SMS codes, authenticator apps, and security keys. The most basic form of 2FA is to have a one-time code sent to your device by text or SMS every time you sign in.
This method is common, but not the most secure as it can still be intercepted by attackers. An authenticator app, like Authy or Duo, generates a one-time code directly on your device. This is more secure than having the code sent via SMS.
Authenticators and security keys are the most secure 2FA options; they are effective against SIM-swap attacks where a fraudster can access your device and intercept SMS-based codes. Another way to prevent SIM-swap attacks is to call your wireless carrier and request a PIN be added to your account.
Thexyz supports various methods for 2FA, so you can set up an additional level of security with two-factor authentication. Email administrators are now required to set up multi-factor authentication (MFA) to gain access to the admin area and manage email account settings. Once a device has been confirmed as a trusted device, it will not be required to re-enter the MFA time-based code.
Guides for managing Multi-factor authentication
- Manage Multi-Factor Authentication for Thexyz Webmail
- Administrators Guide for Email Multi-Factor Authentication
- How to add Yubikey Authentication to Thexyz
Two-factor authentication apps
Two-factor authentication adds an extra layer of security to your account by requiring you to sign in with your username and password and a code from a second device. This is a more secure authentication method than getting a text message to a mobile phone and you can also save a recovery code. Every login to Thexyz supports 2FA. To set up:
- Visit the app store on your mobile device or use a desktop app.
- Search for Google Authenticator or Authy. These mobile apps will generate your authentication code.
- Download and install the app.
- Scan the QR Code from the admin panel or manually enter the secret key into the app.
- Enter the six-digit 2FA code from the app.
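How the app turns the secret key into a six-digit code, and how a server can check it, shown as an added example (not Thexyz's code). It assumes standard TOTP (RFC 6238) with HMAC-SHA1 and a 30-second step, which are the defaults in Google Authenticator; the secret is the published RFC 6238 test key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: Base32 of the RFC 6238 test key b"12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_secret(secret_b32: str) -> bytes:
    """Decode a secret key as typed by hand: spaces, lower case, missing padding."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros

def totp(secret_b32: str, unix_time: float, step: int = 30) -> str:
    """The code the authenticator app displays at unix_time."""
    return hotp(decode_secret(secret_b32), int(unix_time) // step)

def verify(secret_b32, submitted, unix_time, step=30, window=1, last_counter=-1):
    """Server-side check. Returns the matched time-step counter, or None.

    window tolerates clock drift of +/- that many steps; last_counter is the
    counter of the last accepted code, so a code cannot be replayed.
    """
    key = decode_secret(secret_b32)
    current = int(unix_time) // step
    for counter in range(max(0, current - window), current + window + 1):
        if counter <= last_counter:
            continue  # already used (or older than the last accepted code)
        # Compare as bytes in constant time to avoid leaking matching digits.
        if hmac.compare_digest(hotp(key, counter).encode(), submitted.encode()):
            return counter
    return None

if __name__ == "__main__":
    print(totp(SAMPLE_SECRET, 59))                            # RFC 6238 vector
    print(verify(SAMPLE_SECRET, "287082", 59))                # accepted
    print(verify(SAMPLE_SECRET, "287082", 59, last_counter=1))  # replay rejected
```

Both sides compute the code from the same secret and the current time, so nothing is transmitted to the phone at sign-in, which is why this method is not exposed to SMS interception.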
SMS multi-factor authentication
If you do not currently use an authenticator app, the SMS method is still available to receive a one-time password by text message. To set up:
- Select the SMS 2-step verification method.
- Enter your mobile phone number to receive a verification code.
- Enter the code that was sent to your mobile phone.
- Once verified, the two-step verification setup is complete.
A YubiKey is a small USB device that stores an additional encrypted password to log in to your account. You will need to purchase a YubiKey to use this method of authentication as a hardware token.
- To get started, log in to your account at: https://www.thexyz.com/account with your email address and password.
- Where it says "Hello, your name" at the top right, click on it to bring down the menu and select "Security Settings."
- You can click the button to enable Two-factor authentication.
- Insert your YubiKey into your computer's USB port and press the button to generate the security key.
- That's it, your YubiKey has been authenticated. Be sure to take note of the backup codes in case it is lost.
A guide has also been posted with screenshot images over here.