Two Factor Authentication User Guide

Using Rocket.Chat on multiple platforms carries the risk of exposing your account details. Rocket.Chat’s two-factor authentication (2FA) feature provides additional protection for workspace users by requiring them to provide two forms of authentication before accessing their accounts.

Before you can use 2FA, workspace administrators must enable it for the workspace users. Admins can access this setting from Administration > Workspace > Settings > Accounts > Two Factor Authentication.

Enable 2FA on your account

This section is for workspace users who want to enable or disable 2FA for their own accounts.

The two options for 2FA in Rocket.Chat are:

  • Two factor authentication via TOTP: Requires a code from an authenticator app (e.g., Google Authenticator, Authy, Duo).

  • Two factor authentication via Email: Requires a code sent to your registered email.

Depending on your workspace configuration, you can select one or both options. If you are unsure, contact your workspace administrator.

Enable 2FA via TOTP

Before beginning the setup, download any authenticator app of your choice. Some popular authenticators include Google Authenticator, Authy, and Duo.

  1. Click your avatar and select My Account.

  2. Go to Security > Two Factor Authentication.

  3. Click Enable two-factor authentication via TOTP.

  4. Scan the QR code provided with your authenticator app or set it up manually using the authentication keys.

  5. Enter the code that the authenticator app generates for the Rocket.Chat: <username> entry and click Verify. Your account will be added to the authenticator app.

  6. A list of backup codes is provided in your Rocket.Chat account. Save them securely in case you lose access to your authenticator app.

Now, the 2FA setup is complete. You will be prompted to enter the 2FA code when logging in or performing certain workspace actions according to the workspace settings.

  • TOTP is a Time-based One-Time Password. It is a very common form of 2FA.

  • TOTP works by generating a unique numeric password with a standardized algorithm. Time-based passwords are user-friendly and increase account security when used as a second factor.

Enable 2FA via email

This method sends temporary codes to your email address.

  1. Click your avatar and select My Account.

  2. Go to Security > Two Factor Authentication.

  3. Click Enable Two-factor authentication via Email.

To log in to your account, you will need to enter your username, password, and the authentication code you receive in your email inbox.

Disable 2FA on your account

To disable 2FA via TOTP:

  1. Click your avatar and select My Account.

  2. Go to Security > Two Factor Authentication.

  3. Click the Disable Two-factor authentication via TOTP button.

  4. Enter the six-digit TOTP code from your authenticator app and click Verify.

To disable 2FA via email:

  1. Click your avatar and select My Account.

  2. Go to Security > Two Factor Authentication.

  3. Click the Disable Two-factor authentication via Email button.

  4. Enter the six-digit authentication code sent to your email and click Verify.

Now, 2FA has been disabled on your account.