- Print
- DarkLight
- PDF
Two Factor Authentication User Guide
- Print
- DarkLight
- PDF
With the ability to extensively use Rocket.Chat on multiple platforms, there is the risk of exposing your account details. Rocket.Chat’s two-factor authentication (2FA) feature provides additional protection for workspace users by requiring them to provide two forms of authentication before accessing their accounts.
To use 2FA, the Rocket.Chat workspace administrator must enable the Two Factor Authentication feature.
There are two options for 2FA in Rocket.Chat :
Two-factor authentication via TOTP: It requires an authentication code from your authenticator app.
Two-factor authentication via Email: It requires an authentication code that was sent to your email address.
With 2FA enabled, users logging into Rocket.Chat must provide not only their username and password but also a unique one-time code, either generated by an authenticator app or sent to their email. This code is unique to each login attempt and provides an extra layer of security, as it cannot be reused or guessed.
By default, 2FA is enabled with the email you used for signing up on the workspace.
Enable 2FA
To enable 2FA on your account via TOTP,
Before beginning the setup, download any available Authenticator app of your choice. Some popular Authenticators include Google Authenticator, Authy, and Duo.
Click your avatar and select My Account.
Navigate to Security > Two Factor Authentication.
Click Enable two-factor authentication via TOTP.
Scan the QR Code provided with your Authenticator app or setup using the Authentication keys manually.
Add the code generated by the Authenticator app (
Rocket.Chat: <username>
) and click Verify.A list of backup codes is provided. Save them securely in case you lose access to your Authenticator app. Now, the 2FA setup is completed.
TOTP is a Time-based One-Time Password. It is a very common form of 2FA.
TOTP works by generating a unique numeric password with a standardized algorithm. Time-based passwords are available and provide user-friendly, increased account security when used as a second factor.
To enable Two-factor authentication via Email,
Click Enable Two-factor authentication via Email.
Disable 2FA
To disable the 2FA via TOTP,
Click the Disable Two-factor authentication via TOTP button.
Enter the six-digit TOTP code from your authenticator app and click Verify.
To disable the 2FA via email,
Click the Disable Two-factor authentication via Email button.
Enter the six-digit authentication code sent to your email and click Verify.