To enhance the security of your Rocket.Chat account across all platforms, you can enable two-factor authentication (2FA). 2FA adds an extra layer of protection by requiring a second form of verification, in addition to your password, when you sign in or perform sensitive actions.
Are you a workspace administrator?
Before users can enable 2FA, the feature must first be turned on at the workspace level. See Two-Factor Authentication Configuration for setup instructions.
Before you begin
Confirm that your workspace administrator has enabled 2FA. If you don't see Two Factor Authentication in your Security settings, the feature has not been turned on yet; contact your administrator.
For TOTP setup, install an authenticator app on your phone before starting. Common options include Google Authenticator, Authy, and Duo.
2FA methods
Rocket.Chat supports two methods:
TOTP (Time-Based One-Time Password): A 6-digit code generated by an authenticator app, refreshing every 30 seconds.
Email: A one-time verification code sent to your registered email address.
Depending on your workspace configuration, you may be able to enable one or both methods. If you're unsure which is available, contact your workspace administrator.
Enable 2FA via TOTP
TOTP generates a temporary numeric code based on a standardized algorithm and the current time. Because the code refreshes frequently, it provides a strong second layer of security beyond your password.
Before you begin, install an authenticator app of your choice, such as Google Authenticator, Authy, or Duo.
To enable TOTP:
In Rocket.Chat, click your avatar and go to Account → Profile.
Navigate to Security → Two Factor Authentication.
Toggle on Two-factor authentication via TOTP. A QR code, a manual setup code, and a verification field will appear on screen.
Open your authenticator app and add a new account by either:
Scanning the QR code with your phone's camera, or
Selecting your app's "Enter a setup key" (or similarly named) option and pasting the alphanumeric code shown above the QR code.
Your account will appear in the authenticator app as Rocket.Chat:<username> and immediately start displaying a 6-digit code that refreshes every 30 seconds.
Back in Rocket.Chat, type the current 6-digit code from your authenticator app into the Enter code provided by authentication app field.
Click Verify.
After this point, you'll be prompted for a TOTP code when logging in or performing sensitive actions, depending on your workspace settings.
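How the 6-digit code follows from the setup key and the clock, as an added example (not Rocket.Chat's own code): it implements RFC 6238 with the 6 digits and 30-second step stated on this page. It assumes the setup key is Base32 and the hash is HMAC-SHA-1 (the RFC default); the sample key is the published RFC test secret, and the one-step drift tolerance in `verify` is an illustrative choice.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # from the page: the code refreshes every 30 seconds
DIGITS = 6         # from the page: 6-digit code
# Constructed sample setup key (the published RFC 6238 test secret), not a real account key.
SAMPLE_SETUP_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_setup_key(setup_key):
    """Decode a typed-in Base32 setup key, tolerating spaces and lowercase."""
    cleaned = setup_key.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding that apps usually omit
    return base64.b32decode(cleaned)


def totp(setup_key, at=None):
    """Return the code an authenticator app would show at Unix time `at`."""
    now = time.time() if at is None else at
    counter = max(int(now // STEP_SECONDS), 0)  # number of 30-second steps since the epoch
    # Assumption: HMAC-SHA-1, the RFC 6238 default; the page does not name the hash.
    digest = hmac.new(decode_setup_key(setup_key), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)  # keep leading zeros


def verify(setup_key, submitted, at=None, drift_steps=1):
    """Check a submitted code against the current step and `drift_steps` neighbours."""
    now = time.time() if at is None else at
    candidate = submitted.strip().encode("utf-8")
    matched = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(setup_key, now + step * STEP_SECONDS).encode("ascii")
        # Constant-time comparison; no early exit on the first match.
        matched |= hmac.compare_digest(expected, candidate)
    return matched


if __name__ == "__main__":
    print("code now:", totp(SAMPLE_SETUP_KEY))
    print("accepted:", verify(SAMPLE_SETUP_KEY, totp(SAMPLE_SETUP_KEY)))
```

Because the code is a pure function of the setup key and the time, anyone holding a copy of the setup key or QR code can produce valid codes, so store it with the same care as a password.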
Save your backup codes
Once verification is complete, Rocket.Chat displays a list of backup codes. Save these codes immediately in a secure location, such as a password manager.
Backup codes are the only way to regain access to your account if you lose your phone or authenticator app. If you run out of backup codes, you'll need to ask your workspace administrator to reset your TOTP.
Enable 2FA via email
This method sends a one-time verification code to your registered email address each time you sign in or perform a sensitive action.
To enable email-based 2FA:
Click your avatar and go to Account → Profile.
Navigate to Security → Two Factor Authentication.
Toggle on Two-factor authentication via Email.
That's it. From now on, a verification code will be emailed to you whenever you log in or perform sensitive actions.
Disable 2FA on your account
You can disable 2FA at any time from your account settings.
To disable 2FA via TOTP:
Click your avatar and go to Account → Profile.
Navigate to Security → Two Factor Authentication.
Toggle off Two-factor authentication via TOTP.
Enter the current 6-digit code from your authenticator app and click Verify.
To disable 2FA via Email:
Click your avatar and go to Account → Profile.
Navigate to Security → Two Factor Authentication.
Toggle off Two-factor authentication via Email.
Enter the 6-digit code sent to your email and click Verify.
Once verification is complete, 2FA is disabled for your account.