Steps to secure your Zoho Account

From ordering food directly from an app, to quickly fix a doctor's appointment online, the internet is helping businesses run efficiently. On the other hand, internet security has become an increased concern for individuals and companies alike. At Zoho, our top priority is the success and security of your business. Here are the steps we suggest to provide increased security for your Zoho Account.

Strong Password

Use a strong and unique password for your Zoho account. This will significantly reduce the risk of your account being compromised. Check out this article on common mistakes when choosing a password from Business Insider and make sure you follow the below guidelines:

  • Passwords cannot be the same as your username

  • Password length should be no less than eight characters and no more than 250 characters

  • Passwords should contain at least one special character and one number

  • Passwords should contain both uppercase and lowercase letters

Regularly changing your passwords will also reduce the risk of being hacked. Avoid any previously used passwords for increased protection.

Multi-Factor Authentication

Multi-Factor Authentication is an additional identity verification step that boosts your account security. By enabling MFA, you will add an extra layer of protection to your account. Besides entering your login credentials, you will be asked to verify your identity by providing a biometric Face ID or Touch ID. Additionally, you can confirm login via a notification, or have a one-time verification code sent to your mobile device. We highly recommend adding these additional security measures for increased account security.

To enable Multi-Factor Authentication, we offer an industry-standard authentication application called Zoho OneAuth.  This feature comes with four modes of authentication to choose from:

  • Face ID / Touch ID

  • Push Notification

  • Scan QR Mode

  • Time-Based OTP

Additionally, you can choose to have a unique code generated by Google Authenticator sent to your mobile device via SMS or voice call. Refer to the Zoho OneAuth help guide to get a detailed explanation about the functionality of this app.

App Passwords

An app password is a 12-character passcode that gives an app permission to access your Zoho mail from various email clients (such as Microsoft Outlook, Mozilla Thunderbird, etc.).

If the email service you use faces a security breach, then your Zoho account will also be compromised. Using an app password will shield your Zoho account from a possible security breach. If you have enabled TFA for your account, you cannot use your password directly to access POP/IMAP email clients, Jabber clients, and standalone applications. In that case, it would be best if you use an app password to access those applications.

If TFA is not enabled, then you can use either your Zoho account password or an app password to access POP/IMAP email clients. However, we strongly recommend that you enable TFA. You can generate your app password in the App passwords section of your Zoho Account. 

Allowed IP addresses

If you frequently work with sensitive data, you can set up an authorized IP address range for your Zoho Account. Once configured, you can access your account only from that specific range of IP addresses. This will block any unsolicited access attempts made to your Zoho Accounts from any other IP address. The IP address you provide must be a static IP address and not a Dynamic IP address. A static IP address is an IP address that is configured to your device that remains unchanged, whereas a dynamic IP address is provided by DHCP servers and can change with each session. If you use a dynamic address, the next time you try to log into your account, you might be locked out. To avoid this, please contact your internet service provider to get a static IP address. Visit our help guide to learn more about Allowed IP addresses.

Apart from these steps, you can take additional security measures to your both personal and Zoho accounts through the following ways:

  • Avoid using personal information such as mobile numbers and credit card details on unsecured websites. Websites that do not include https may not be secure

  • Make sure to log out from your accounts on public computers and devices which don't belong to you

  • Use advanced authentication methods like Face ID and biometric verification in TFA

  • Instead of storing all your passwords in your browser, we suggest using a password manager.  This way, your passwords will remain safe even if your browser is compromised.

SMS-based TFA as a second factor for authentication provides an extra layer of security. However, there have been many incidents of hackers convincing mobile service providers to transfer a phone number, SIM card cloning, SMS network compromises, and SMS-capturing traps via phishing websites. Hence, using advanced authentication methods like a fingerprint or facial recognition will help to secure your account even more.

We hope these suggestions are helpful and provide you with additional security precautions. All of us at Zoho are here to support your growing business needs.


37 Replies to Steps to secure your Zoho Account

  1. Zoho is one of the most complete collaboration tool and WorkTech ever in the market. We will explore more about its uses and features and then write a review. We hope the readers here can check back with us and discuss in this review.

  2. I use outlook express to access my zoho email on laptop. however, after i logged in at another laptop with browser, i longer to able sync my mailbox with outlook at my original laptop. i have tested, and Microsoft replied that your server rejected my login. Would you please suggest how to solve this? thanks lot

  3. It doesn't seem to want my Primary Zoho phone # and # to use for authentication to be the same phone # - but I only have one phone #. Is there a way around this?

  4. To give you candid feedback: 1) the constant having to sign in to my acct is very annoying - & certainly is far more often than once per month 2) This is my own laptop which I use every day, so to get a message saying "we have detected a new login from a different device" etc is ridiculous

    1. Hello Ben! To resolve your first issue, you can trust the browser you're using to sign in to your Zoho account. You can learn about trusted browser here" target="_blank" rel="noopener noreferrer nofollow ugc">Trusted BrowsersAnd about your second issue, we send the new sign-in alert only when we detect a new device. This is for your security purpose and to safeguard your account.

      1. This second part does not seem to be true - I too get this email when using the same computer I always do, this occurs when you all log me out and try to make me go through to add 2 factor authentication* and when I final figure out how to get out of that I have this message eve though I am using same computer I always do. (*which it never lets me complete as it says my cell # already exists and it does because it's my Prime # in zoho - but it is my only phone # and your system seems to want two different ones)

  5. Someone got into the account before I did this morning. What should I do about this as this is the first time I am into the account.

    1. Hello Benjamin! I'm sorry to hear that. In order to recover your compromised account, you can try to reset your password. Also please notify us about the issue by sending an email to for us to investigate the issue further. To improve the security of your Zoho account you can also try enabling Multi-factor Authentication. You can read about it" target="_blank" rel="noopener noreferrer nofollow">here.

    1. Hi Paisarn, To change your Zoho account password, 1. Sign in to your Zoho accounts 2. Click Security, then Change Password. To reset your password, click Forgot Password? link during signing in.

  6. This quote keeps coming up when I try to send a message from"An error occurred while trying to sign this message with a certificate from “”. Verify that your certificate for this address is correct, and that its private key is in your keychain." How do I fix this?

  7. The article is very appreciated because it helped me a lot to secure Zoho Account. At first I had a bit problem for signing the Zoho Account as the risk in my account was occurred regarding common mistakes when choosing a password was frequent. With the help of your article my problem was solved. To boosts up my account security, i used two factor authentication with the help of your guide for the protection to my account. I literally didn't knew about the App Passwords so I followed your words and I was able to add password in app which made my account even more secure. Instead of storing all my passwords in the browser, I have used a password manager for safe even if my browser is compromised as per you suggestion. I have even shared this article to my technical friends as this article is satisfying and if any problem arise in the future. I have written an article to login Zoho Email .Please have a look at it.

    1. Hello Aniz! Thank you for your kind response. I'm glad to hear that we have solved your problem. Keep using Zoho products and we're looking forward to your contributions.

  8. Dear Kaavian Sivam & colleagues, I do not use a mobile phone for my online activities, using only a PC for my Zoho account. All your new 2nd security steps seem to require a mobile phone, which I do not wish to use for anything to do with money, online accounts or email addresses, etc. Nobody has access to my home computer and it is well protected and has excellent antivirus and other security measures which have never been breached. Accordingly, I trust I can continue using my Zoho services currently used without the extra risk of using a mobile phone. I look forward to your advice/response. Yours sincerely -

    1. Hello Julian! Sorry, we missed your comment. I understand that you don't wish to use your mobile number for any kind of authentication purposes. We are now supporting YubiKey based authentication. YubiKey is a physical key used for authentication purpose. You can read more about the YubiKey" target="_blank" rel="noopener noreferrer nofollow">here.

    1. Hola juan, Lo sentimos, perdimos tu comentario. Para recuperar tu cuenta, 1. Puede restablecer su contraseña usando ¿Olvidó su contraseña? enlace durante el inicio de sesión 2. Si ya ha descargado códigos de verificación de respaldo, puede usarlos para recuperar su cuenta. Consulte este documento para obtener información sobre cómo utilizar los códigos de verificación de respaldo." target="_blank" rel="noopener noreferrer nofollow">Backup verification codes3. Si aún no puede recuperar su cuenta de Zoho, envíe un correo electrónico a

  9. no puedeo traducir a español la pagina, me pide intentarlo mas tarde, ya lo intente 8 veces y nada que pasa?? necesito ayuda por favor

Leave a Reply

Your email address will not be published.

The comment language code.
By submitting this form, you agree to the processing of personal data according to our Privacy Policy.

Related Posts