OneAuth Reborn: MFA For All Accounts

In this edition of the OneAuth reborn series, I'll be giving you an introduction to the new OneAuth's OTP authenticator and its backup-and-sync feature.

Check out the previous blog about passwordless authentication by OneAuth here.

Due to ever-evolving security threats, protecting online accounts has become more important than ever. Business organizations across the globe are rapidly moving towards implementing an additional level of verification for their online assets. Generally, people choose SMS-based one-time passwords (OTP) as their preferred mode of authentication, yet many security experts advise otherwise. There is no doubt that SMS-based authentication is better than relying on passwords alone. However, as hackers are becoming increasingly sophisticated, SMS-based multi-factor authentication (MFA) has a high chance of interception by them. In fact, towards the end of 2016, the U.S. National Institute of Standards and Technology (NIST) started the process of deprecating SMS-based MFA, as it is the least secure way to protect one's online accounts.

Speaking of MFA, the next best alternative for SMS-based OTP is the use of authenticator apps. They generate time-based one-time passwords (TOTPs) periodically that expire after 30 seconds. These authenticator apps are considered a better solution and more secure than SMS-based OTPs. This is because TOTPs are generated within a device, and have almost zero chance of being intercepted by external actors. They can also be used even when the mobile device is offline. However, a major concern with most traditional authenticators, including the ones from Google and Microsoft, is that if you uninstall the app accidentally, you will lose access to your accounts. OneAuth has solved that issue with its latest update.

Introducing OneAuth's OTP authenticator.

In the latest update, OneAuth has transitioned from just protecting your Zoho account to providing MFA for non-Zoho accounts too. Through OneAuth's OTP authenticator, you can configure MFA for your online accounts like Google, Microsoft, and Facebook, etc. Moreover, the OTP authenticator of OneAuth has a major advantage over traditional authenticators as it provides the backup-and-sync option for your OTP secrets. You can back them up securely to the Zoho cloud in an encrypted form to keep hackers away from your data. This way, you will never lose access to your accounts, even if you uninstall OneAuth from your device, as you can restore the OTP secrets whenever you want.

Additionally, if you've installed OneAuth on multiple devices, once the secrets are backed up, it will be synced with all of those devices. This means you don't have to rely only on your primary device for authentication. You can also use OneAuth's OTP authenticator even if you haven't signed up for a Zoho account. Learn more about how to configure the OTP authenticator for your non-Zoho accounts via our help guide.

OneAuth is available for free and can be downloaded from the Playstore and AppStore. Give it a spin and tell us about your experience with OneAuth's OTP authenticator in the comments.


9 Replies to OneAuth Reborn: MFA For All Accounts

  1. Hi I have an Zoho account but any time I try to sign in, the system asked me for a SMS verification but is sent to an OTP wrong phone number.

  2. Je ne sais pas comment accéder à Zoho depuis que j'ai installé la mise a jour OneAuth. La demande d'approbation qui devrait arriver sur l'application téléphonique n'arrive pas. Je n'ai aucun moyen de réinitialiser l'application ou de me connecter

  3. Sounds exciting for the typical user. I have 179+ passwords and climbimg. Dashlane is trying to stay on track for me, but when it screws up I can lose an hour of time. Please make a llist of potential Apple users' perhaps you may want to try a Beta on us. Peter S Kennedy MS,

  4. While I was able to d/load 1auth to my iPhone, the App Store on my new MacBook Air is unable to "find" anything called "Zoho OneAuth;" why is that?

    1. Hello Art Forrest! OneAuth is not available for macOS currently. We are working on it. Stay tuned for updates.

  5. Hello!! WOW!! A Powerful Update THANK YOU SO MUCH I really surprised! Just a minor question, the OneAuth encrypts and saves all data under our Zoho Vault account or both are separated?

    1. Hello Hasan! We are glad that we made you feel that way and yes, both OneAuth and Vault are different.

Leave a Reply

Your email address will not be published.

The comment language code.
By submitting this form, you agree to the processing of personal data according to our Privacy Policy.

Related Posts