From ordering food directly from an app to quickly fixing a doctor's appointment online, the internet is helping businesses run efficiently. On the other hand, internet security has become an increased concern for individuals and companies alike. At Zoho, our top priority is the success and security of your business. Here are the steps we suggest to provide increased security for your Zoho Account.
Use a strong and unique password for your Zoho account. This will significantly reduce the risk of your account being compromised. Check out this article on common mistakes when choosing a password from Business Insider and make sure you follow the guidelines below:
Passwords cannot be the same as your username
Password length should be no less than eight characters and no more than 250 characters
Passwords should contain at least one special character and one number
Passwords should contain both uppercase and lowercase letters
Regularly changing your passwords will also reduce the risk of being hacked. Avoid any previously used passwords for increased protection.
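The guidelines above can be expressed as a single check. The following is an added example, not Zoho's own code: it assumes that "special character" means ASCII punctuation, compares the username case-insensitively, and keeps earlier passwords only as salted PBKDF2 digests (the names policy_violations, digest and HISTORY are hypothetical).

```python
import hashlib
import hmac
import os
import string

MIN_LEN, MAX_LEN = 8, 250           # length limits from the guidelines
SPECIALS = set(string.punctuation)  # assumption: ASCII punctuation is "special"


def digest(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest, so the history never holds plain-text passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def policy_violations(username: str, password: str, history=()) -> list:
    """Return the guidelines the candidate password breaks (empty list = OK).

    history is an iterable of (salt, digest) pairs for earlier passwords.
    """
    problems = []
    # Case-insensitive comparison is a stricter reading of "same as username".
    if password.casefold() == username.casefold():
        problems.append("same as username")
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length outside 8-250")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs upper and lowercase")
    for salt, old in history:
        # Constant-time comparison of the digests.
        if hmac.compare_digest(digest(password, salt), old):
            problems.append("previously used")
            break
    return problems


# Constructed sample data: one earlier password kept as (salt, digest).
_salt = os.urandom(16)
HISTORY = [(_salt, digest("Spring#2023river", _salt))]

if __name__ == "__main__":
    for candidate in ("alice", "Spring#2023river", "Quiet-Harbor-71"):
        print(candidate, policy_violations("alice", candidate, HISTORY))
```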
Multi-Factor Authentication is an additional identity verification step that boosts your account security. By enabling MFA, you will add an extra layer of protection to your account. Besides entering your login credentials, you will be asked to verify your identity by providing a biometric Face ID or Touch ID. Additionally, you can confirm login via a notification, or have a one-time verification code sent to your mobile device. We highly recommend adding these additional security measures for increased account security.
To enable Multi-Factor Authentication, we offer an industry-standard authentication application called Zoho OneAuth. This feature comes with four modes of authentication to choose from:
Face ID / Touch ID
Scan QR Mode
Additionally, you can choose to have a unique code generated by Google Authenticator sent to your mobile device via SMS or voice call. Refer to the Zoho OneAuth help guide to get a detailed explanation about the functionality of this app.
An app password is a 12-character passcode that gives an app permission to access your Zoho mail from various email clients (such as Microsoft Outlook, Mozilla Thunderbird, etc.).
If the email service you use faces a security breach, then your Zoho account will also be compromised. Using an app password will shield your Zoho account from a possible security breach. If you have enabled TFA for your account, you cannot use your password directly to access POP/IMAP email clients, Jabber clients, and standalone applications. In that case, it would be best if you use an app password to access those applications.
If TFA is not enabled, then you can use either your Zoho account password or an app password to access POP/IMAP email clients. However, we strongly recommend that you enable TFA. You can generate your app password in the App passwords section of your Zoho Account.
Allowed IP addresses
If you frequently work with sensitive data, you can set up an authorized IP address range for your Zoho Account. Once configured, you can access your account only from that specific range of IP addresses. This will block any unsolicited access attempts made to your Zoho Account from any other IP address. The IP address you provide must be a static IP address and not a dynamic IP address. A static IP address is an IP address that is configured on your device and remains unchanged, whereas a dynamic IP address is provided by DHCP servers and can change with each session. If you use a dynamic address, the next time you try to log into your account, you might be locked out. To avoid this, please contact your internet service provider to get a static IP address. Visit our help guide to learn more about Allowed IP addresses.
Apart from these steps, you can take additional security measures for both your personal and Zoho accounts in the following ways:
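To see why a dynamic address leads to a lock-out, here is an added example (not Zoho's code) of an allow-list check run over sign-in attempts. It assumes the range is stored as inclusive (first, last) address pairs; the addresses are from the reserved documentation ranges and the events are constructed.

```python
import ipaddress

# Assumption: the allowed range is kept as inclusive (first, last) pairs.
ALLOWED_RANGES = [("203.0.113.10", "203.0.113.20")]  # documentation addresses


def is_allowed(ip: str, ranges=ALLOWED_RANGES) -> bool:
    """True if ip lies inside any allowed range; malformed input is denied."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    for first, last in ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        # IPv4 and IPv6 objects cannot be ordered against each other,
        # so an address of the other family never matches the range.
        if addr.version == lo.version == hi.version and lo <= addr <= hi:
            return True
    return False


def blocked_sign_ins(events, ranges=ALLOWED_RANGES):
    """Return the (time, user, ip) events that the allow-list would reject."""
    return [event for event in events if not is_allowed(event[2], ranges)]


# Constructed sign-in events: the same user before and after the DHCP server
# hands out a new address, plus attempts from other networks.
EVENTS = [
    ("2024-05-01T09:00Z", "alice", "203.0.113.12"),  # inside the range
    ("2024-05-02T09:00Z", "alice", "203.0.113.57"),  # new dynamic lease
    ("2024-05-02T11:30Z", "alice", "198.51.100.7"),  # unrelated network
    ("2024-05-02T11:31Z", "alice", "2001:db8::1"),   # IPv6, range is IPv4
]

if __name__ == "__main__":
    for when, user, ip in blocked_sign_ins(EVENTS):
        print(f"{when} {user} rejected from {ip}")
```

The second event is the legitimate user: the lease changed, the new address falls outside the configured range, and the sign-in is rejected exactly like the unrelated ones.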
Avoid using personal information such as mobile numbers and credit card details on unsecured websites. Websites that do not include https may not be secure
Make sure to log out from your accounts on public computers and devices which don't belong to you
Use advanced authentication methods like Face ID and biometric verification in TFA
Instead of storing all your passwords in your browser, we suggest using a password manager. This way, your passwords will remain safe even if your browser is compromised.
SMS-based TFA as a second factor for authentication provides an extra layer of security. However, there have been many incidents of hackers convincing mobile service providers to transfer a phone number, SIM card cloning, SMS network compromises, and SMS-capturing traps via phishing websites. Hence, using advanced authentication methods like a fingerprint or facial recognition will help to secure your account even more.
We hope these suggestions are helpful and provide you with additional security precautions. All of us at Zoho are here to support your growing business needs.