Two Factor Authentication User Guide

    With the ability to use Rocket.Chat on multiple platforms, you carry the risk of exposing your account details. Rocket.Chat’s two-factor authentication (2FA) feature provides additional protection for workspace users by requiring them to provide two forms of authentication before accessing their accounts.

    Enable 2FA on the workspace

    To use 2FA, the Rocket.Chat workspace administrator must enable the Two Factor Authentication feature.

    The two options for 2FA in Rocket.Chat are:

    • Two-factor authentication via TOTP: It requires an authentication code from your authenticator app (for example, Google Authenticator, Authy, and Duo).

    • Two-factor authentication via Email: It requires an authentication code that was sent to your email address.

    With 2FA enabled, users logging into Rocket.Chat must provide not only their username and password but also a unique one-time code, either generated by an authenticator app or sent to their email. This code is unique to each login attempt and provides an extra layer of security, as it cannot be reused or guessed.

    By default, 2FA is enabled with the email you used for signing up on the workspace.

    Enable 2FA on your account

    Once the 2FA settings are saved, workspace users can enable 2FA on their accounts as follows:

    Enable 2FA via TOTP

    Before beginning the setup, download any available Authenticator app of your choice. Some popular Authenticators include Google Authenticator, Authy, and Duo.

    1. Click your avatar and select My Account.

    2. Go to Security > Two Factor Authentication.

    3. Click Enable two-factor authentication via TOTP.

    4. Scan the provided QR code with your Authenticator app, or set it up manually using the authentication keys.

    5. Enter the code generated by the Authenticator app (Rocket.Chat: <username>) and click Verify.

    6. A list of backup codes is provided. Save them securely in case you lose access to your Authenticator app. Now, the 2FA setup is completed.

    • TOTP is a Time-based One-Time Password. It is a very common form of 2FA.

    • TOTP works by generating a unique numeric password with a standardized algorithm. Time-based passwords are user-friendly and provide increased account security when used as a second factor.
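The standardized algorithm behind these codes is TOTP (RFC 6238). The following added example, which is not Rocket.Chat's own code, computes and checks six-digit codes from a manually entered base32 key. It assumes the common authenticator-app parameters of HMAC-SHA-1 and a 30-second step, which this guide does not state, and uses the public RFC 6238 test key as sample input.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid (assumed authenticator-app default)
DIGITS = 6   # the guide refers to six-digit codes
# Constructed sample: the public RFC 6238 test key, base32-encoded as an app expects.
SAMPLE_KEY = base64.b32encode(b"12345678901234567890").decode()

def decode_secret(b32):
    """Decode a typed-in key, tolerating spaces, lowercase and missing padding."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)

def hotp(key, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(b32_secret, at=None):
    """Code for the 30-second step containing Unix time `at` (default: now)."""
    now = time.time() if at is None else at
    return hotp(decode_secret(b32_secret), int(now // STEP))

def verify(b32_secret, code, at=None, window=1):
    """Accept the current step and `window` steps either side (clock drift)."""
    now = time.time() if at is None else at
    key, counter = decode_secret(b32_secret), int(now // STEP)
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        # Constant-time comparison; every candidate step is always checked.
        ok |= hmac.compare_digest(hotp(key, counter + drift).encode(), code.encode())
    return ok

if __name__ == "__main__":
    print("code at t=59:", totp(SAMPLE_KEY, at=59))
    print("accepted one step later:", verify(SAMPLE_KEY, "287082", at=89))
    print("accepted three steps later:", verify(SAMPLE_KEY, "287082", at=149))
```

A verifier that accepts neighbouring steps trades a little security for tolerance of clock drift between the phone and the server; the code still stops being accepted once the window has passed.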

    Enable 2FA via email

    1. Click your avatar and select My Account.

    2. Go to Security > Two Factor Authentication.

    3. Click Enable Two-factor authentication via Email.

    Now, to log in to your account, you will need to enter your username, password, and authentication code.

    Disable 2FA on your account

    To disable 2FA via TOTP:

    1. Click your avatar and select My Account.

    2. Go to Security > Two Factor Authentication.

    3. Click the Disable Two-factor authentication via TOTP button.

    4. Enter the six-digit TOTP code from your authenticator app and click Verify.

    To disable 2FA via email:

    1. Click your avatar and select My Account.

    2. Go to Security > Two Factor Authentication.

    3. Click the Disable Two-factor authentication via Email button.

    4. Enter the six-digit authentication code sent to your email and click Verify.

    Now, 2FA has been disabled on your account.

