How can we help?




Follow

2FA Webmail User Guide

Stewart -

What is two-factor authentication?

Two-factor authentication (also known as 2FA) means that a person needs two pieces of evidence to log in to an account (e.g. a normal username/password combination, plus a code generated by an app on the person’s smartphone).

How does it work?

Enabling 2FA will help protect your email account. When enabled, you will be asked to enter a time-based code (in addition to your username and password) when logging into webmail.

The code is generated by an app on your phone, tablet or computer, and changes every thirty seconds. This means that if someone was to gain unauthorised access to your username and password, they would not be able to log in to your account without also having access to the device that generates your ever-changing 2FA code.

Why should you enable 2FA?

Setting up and using 2FA is simple and highly recommended.

Your email address is one of the most important digital services to protect. You use your email address to sign up for nearly all other services online, and most of these services will use your email address for account recovery. Therefore, if a malicious person gains unauthorised access to your email, they can use this to reset your passwords on all other services that you have used this email address to sign-up with, which effectively locks you out of those services and provides them with access to the data associated with that service.

Enabling 2FA vastly minimises the risks associated with your password being hacked or leaked during online data breaches, as the user will not be able to authenticate without also providing the time-based code generated by the device in your possession.

How to enable 2FA on your email account

First, you will need to download one of the supported authenticator apps to the device that you intend to use to manage your 2FA codes. Most often, people will use their mobile phone for this, but there are many apps available for both your tablet and computer too.

While any standards-compliant 2FA authenticator app should work, we recommend, and have tested, the following apps:

mceclip0.png mceclip1.png mceclip2.png mceclip3.png mceclip4.png mceclip5.png

Google Authenticator

1Password

Twilio Authy

Last Pass

Duo Authenticator

Trusona

When you have installed your preferred authenticator app, you can begin the setup process.

Setting up 2FA using a QR code

  1. Log in to webmail and use the app switcher menu (mceclip6.png) to navigate to Settings > Accounts
  2. Click the toggle next to “Enable two-factor authentication:

    mceclip7.png

  3. Open the authenticator app that you installed on your chosen device, choose to add a new account, and scan the QR code displayed in webmail settings, as seen in (a). You will now see a six-digit code in your authenticator app. Enter this code into the input field under the QR code titled "Enter security code here", as seen in (b).

    mceclip8.png

  4. Click CONFIRM.

You have now successfully enabled 2FA for your webmail account.

Setting up 2FA manually

  1. Log in to webmail and use the app switcher menu (mceclip6.png) to navigate to Settings > Accounts
  2. Click the toggle next to “Enable two-factor authentication:

    mceclip7.png

  3. If you are unable to scan a QR code with your device, click on the link “enter key manually instead”:

    mceclip9.png

  4. You will now see a 32-digit code on screen. You will need to enter this code into your chosen authenticator app. To simplify this, you can click on the code to copy it to your device clipboard, then paste this into your authenticator app.

    mceclip10.png

  5. You will now see a six-digit code in your authenticator app. Enter this code into the input field under the 32-digit code titled "Enter security code here":

    mceclip11.png

  6. Click CONFIRM

You have now successfully enabled 2FA for your webmail account.

Using 2FA

Now that you have enabled 2FA on your account, you will be required to enter a time-based 2FA code when you log in to your webmail account.

  1. On the webmail login page, enter your username and password, then click SIGN IN
  2. If your username and password were entered correctly, you will now have a new pop-up window on screen that asks you to enter your 2FA security code:

    mceclip12.png

  3. Open your authenticator app and see the time-based, six-digit code on screen. Enter this into the input field titled “Enter security code”.
  4. Click SIGN IN.

Please note, your device will not be remembered by default; you will need to enter a time-based, 2FA code each time that you log in. For convenience, you can choose to have your device remembered for either 7 or 30 days. However, this option should only be used on a personal computer or mobile device that no one else shares. Never choose to have your device remembered on someone else’s device or on a public-use computer (for example, in a library, at an airport, or in an Internet café).

Disabling 2FA

Unless your system administrator has made it mandatory to use 2FA on your account, once enabled you can disable 2FA at any time (although, for your protection, we strongly recommend against disabling 2FA).

To disable 2FA:

  1. Login to webmail and use the app switcher menu (mceclip6.png) to navigate to Settings > Accounts
  2. Click the toggle next to “Enable two-factor authentication to turn it off:

    mceclip13.png

  3. You will be prompted to enter your password (this is the password you would normally use to log in to webmail) and the six-digit 2FA code from your app.
  4. When both your password and 2FA code have been entered, click CONFIRM to disable 2FA for your account.

Please note, once 2FA has been disabled, we strongly advise you to also remove your 2FA code/email account from your authenticator app. If you choose to re-enable 2FA in the future, you will need to follow the steps described above to setup 2FA again, resulting in a new, time-based, 2FA code for your account. Your old 2FA code will not work and, if you do not remove it now, you may later be confused by two codes in your authenticator app for the same webmail account.

Account Recovery

If you lose access to the authenticator app that generates a 2FA code on your device, contact your email support team for assistance in recovering access to your account.

Comments


Contact our support team


+61 (7) 5357 6605       support@atmail.com