Two-Factor Authentication User Guide

To enhance the security of your Rocket.Chat account across all platforms, you can enable two-factor authentication (2FA). This adds an extra layer of protection by requiring a second form of verification in addition to your password when signing in or performing sensitive actions.

Before users can enable 2FA, a workspace administrator must first enable the feature by navigating to Manage > Workspace > Settings > Accounts > Two Factor Authentication.

Enabling 2FA on your account

Once 2FA is enabled at the workspace level, you can configure it for your individual account.

Rocket.Chat supports the following 2FA methods:

  • TOTP (Time-Based One-Time Password): Requires a code from an authenticator app (e.g., Google Authenticator, Authy, Duo).

  • Email: Sends a one-time verification code to your registered email address.

Depending on your workspace configuration, you may be able to enable one or both methods. If you're unsure which option to use, contact your workspace administrator.

Enable 2FA via TOTP

TOTP (Time-Based One-Time Password) is a widely used authentication method that generates a temporary numeric code based on a standardized algorithm and the current time. Because the code changes frequently, it provides an additional layer of security beyond your password.

Before you begin, install an authenticator app of your choice, such as Google Authenticator, Authy, or Duo.

To enable two-factor authentication (2FA) via TOTP:

  1. Click your avatar, then go to Account > Profile.

  2. Navigate to Security > Two Factor Authentication.

  3. Click Enable two-factor authentication via TOTP.

  4. Open your authenticator app and scan the QR code or enter the setup key provided.

  5. Enter the six-digit code generated by your authenticator app. Your account will be linked to the app (e.g., Rocket.Chat:<username>).

  6. Click Verify to finish the setup.

  7. After setup, Rocket.Chat will display backup codes. Store these codes securely because they can be used to regain access if you lose your authenticator device.

Once setup is complete, you will be prompted to enter a TOTP code during login or when performing sensitive actions, depending on your workspace settings.

Enable 2FA via email

This method sends temporary verification codes to your registered email address.

To enable 2FA via email:

  1. Click your avatar, then go to Account > Profile.

  2. Navigate to Security > Two Factor Authentication.

  3. Click Enable two-factor authentication via Email.

Once enabled, you will need to enter the one-time verification code sent to your email each time you log in or perform sensitive actions.

Disabling 2FA on your account

You can disable 2FA at any time from your account settings.

To disable 2FA via TOTP:

  1. Click your avatar, then go to Account > Profile.

  2. Navigate to Security > Two Factor Authentication.

  3. Click Disable two-factor authentication via TOTP.

  4. Enter the six-digit code from your authenticator app and click Verify.

To disable 2FA via Email:

  1. Click your avatar, then go to Account > Profile.

  2. Navigate to Security > Two Factor Authentication.

  3. Click the Disable Two-factor authentication via Email button.

  4. Enter the six-digit code sent to your email and click Verify.

Once verification is complete, 2FA will be disabled for your account.

Two-factor authentication helps protect your account from unauthorized access, even when your password is compromised. Choose a method that fits your workflow and ensure your recovery options are safely stored.