Two-Factor Authentication User Guide


To help protect your Rocket.Chat account across multiple platforms, you can enable two-factor authentication (2FA). This adds an extra layer of security by requiring two forms of verification before accessing your account.

Before enabling 2FA, a workspace administrator must turn on the feature for your workspace. Admins can do this by navigating to Administration > Workspace > Settings > Accounts > Two Factor Authentication.

Enabling 2FA on your account

You can enable or disable 2FA for your individual account if your workspace has 2FA enabled.

Available 2FA methods in Rocket.Chat:

  • TOTP (Time-Based One-Time Password): Requires a code from an authenticator app (e.g., Google Authenticator, Authy, Duo).

  • Email: Sends a verification code to your registered email address.

You can choose one or both options, depending on your workspace’s configuration. If you’re unsure which method to use, contact your administrator.

Enable 2FA via TOTP

Before you begin, install an authenticator app of your choice, such as Google Authenticator, Authy, or Duo.

To enable two-factor authentication (2FA) using a TOTP, follow these steps:

  1. Click your avatar, then go to Account > Profile.

  2. Navigate to Security > Two Factor Authentication.

  3. Click Enable two-factor authentication via TOTP.

  4. Enter the code that the authenticator app generates for the account entry (e.g., Rocket.Chat:<username>) and click Verify. Your account will be linked to the app.

  5. Save the backup codes displayed in your Rocket.Chat account in a secure place. These can help you regain access if you lose your authenticator device.

Once setup is complete, you'll be prompted to enter a 2FA code when logging in or performing sensitive actions—depending on your workspace’s settings.

What is TOTP?

  • TOTP (Time-based One-Time Password) is a widely used method of 2FA.

  • It generates a unique numeric code based on a standardized algorithm and the current time.

  • TOTP enhances security by adding a second authentication factor beyond just your password.

Enable 2FA via email

This method sends temporary verification codes to your registered email address.

  1. Click your avatar, then go to Account > Profile.

  2. Navigate to Security > Two Factor Authentication.

  3. Click Enable two-factor authentication via Email.

Once enabled, you'll need to enter your username, password, and the verification code sent to your email each time you log in or perform secure actions.

Disabling 2FA on your account

To disable 2FA via TOTP:

  1. Click your avatar, then go to Account > Profile.

  2. Navigate to Security > Two Factor Authentication.

  3. Click Disable two-factor authentication via TOTP.

  4. Enter the six-digit code from your authenticator app and click Verify.

To disable 2FA via Email:

  1. Click your avatar, then go to Account > Profile.

  2. Navigate to Security > Two Factor Authentication.

  3. Click the Disable Two-factor authentication via Email button.

  4. Enter the six-digit code sent to your email and click Verify.

Once verified, 2FA will be disabled for your account.