User Tools

Site Tools


faq:security:2auth

Home > FAQ > Security > Account Security > 2Auth Second Factor Authentication

2Auth Second Factor Authentication

Welcome to the User Guide for 2Auth - the Second Factor Authentication for Lookafter Virtual Office (VO) and webmail system. This guide will walk you through the process of setting up and using 2FA to enhance the security of your webmail account.


What is 2Auth?

2Auth provides an additional layer of security by requiring you to provide a second form of verification in addition to your password during the login process, making it much more challenging for unauthorized individuals to access your account.

In the context of 2Auth, you require the following 2 steps (factors) for successful login:

  1. First Factor: Your email address and password.
  2. Second Factor: The one-time password (OTP) generated by the 2Auth system, which is sent to your registered email address (“2Auth Email”).

Setting Up 2Auth

Enabling 2Auth

1. Log in to your VO or webmail with your email address and password.

2. Go to Profile > 2Auth.

3. Tick the “Enable Second Factor Authentication” checkbox.

4. Enter an email address that will act as your 2Auth Email. This email will receive the OTP codes generated by the 2Auth system on your subsequent logins.

5. Click Update to save your 2Auth setting.

6. Once you have saved the setting, you will see the email verification status as “Pending”. This means your 2Auth Email has not been verified. This status will be automatically updated to “Verified” on your next successful login with 2Auth.

Logging in with 2Auth

1. Once 2Auth is enabled, log in to your VO or webmail with your email address and password.

2. You will see the following screen, prompting you to input the OTP code, which has been sent to your 2Auth Email.

3. Check the email received at your 2Auth Email to obtain the OTP. A sample of the OTP email is shown in the following image.

Note: If you did not see the email in your Inbox, please check the spam or junk folder as well.

4. Enter the OTP code that you received into the given field and click Go.

If the OTP is entered correctly, access to your account will be granted.


Frequently Asked Questions (FAQs)

1. Can I use a personal email address as my 2Auth Email?

Yes, you can use any email address including your personal email address as your 2Auth Email. Please make sure the email address is valid and can receive incoming emails from helpdesk@lookafter.com.

2. Can I use the same email address as the 2Auth Email of multiple user accounts?

Yes. A single email address can be set as the 2Auth Email for multiple different user accounts.

3. What if I did not receive the OTP via my 2Auth Email?

If you did not receive the OTP, here are some steps to troubleshoot the issue:

  • Check your spam or junk folder: Sometimes, legitimate emails, including OTPs, can end up in your spam or junk folder. Be sure to look there for any messages containing the OTP.
  • Wait a few minutes: Occasionally, email delivery can experience delays. Give it a few minutes to see if the OTP arrives.
  • Verify your 2Auth Email: If this is your first time signing in with 2Auth enabled, you can click the Skip button to access your account without entering the OTP. Then, double-check if the email address registered as your 2Auth Email is correct and accurate.
  • Ensure helpdesk@lookafter.com is whitelisted: If you are using a third party or personal email address as your 2Auth Email, make sure its email service or spam filter does not block emails that are sending from lookafter.com.

If you've tried all the above steps and still haven't received the OTP, reach out to our support team at helpdesk@lookafter.com.

4. I have voadmin/avomaster access, what is my role in 2Auth in terms of user management?

As a voadmin or avomaster, you have the administrative rights in the setup, update, reset, and deactivation of 2Auth for your users.
Please refer to: Administrator's Guide to 2Auth

5. How long does the OTP expired?

The 2Auth OTP expires after 20 minutes from the moment it is generated. After this time period elapses, the OTP becomes invalid and cannot be used for authentication purposes.

6. Can I change my 2Auth Email for OTP delivery?

Yes. To update your 2Auth Email, log in to your account and navigate to Profile > 2Auth.

7. What if I receive an OTP email but didn't request it?

If you receive an unexpected OTP email, it is possible that someone is attempting unauthorized access to your account. Please take immediate action to protect your account:

  • Do not use the OTP: First and foremost, do not use the OTP if you didn't request it. Using the OTP in this situation could potentially compromise your account's security.
  • Check your account activity: Log in to your account using your regular credentials (not the unexpected OTP) and go to Profile > Log to review recent account activity. Look for any suspicious login attempts or unauthorized access. If you notice any unusual activity, change your password immediately.
  • Change your password: Even if there is no suspicious activity, it's a good practice to change your password as a precaution. Choose a strong, unique password that includes a combination of letters, numbers, and symbols.
  • Scan for malware: Perform a thorough scan of your computer for malware or viruses. Ensure your device's security software is up-to-date.

8. Is it safe to share my OTP with anyone?

No, OTPs are confidential and should not be shared with anyone. They are meant for your use only and are a crucial part of your account security.

9. Why is my "Email verify status" showing as "Pending"?

If your email verification status is “Pending”, it means your 2Auth Email has not been verified by the 2Auth system. This status will be automatically updated to “Verified” on your next successful login using the OTP received at your 2Auth Email.

10. Can I use the original email address as the 2Auth Email?

Using your original email address as the 2Auth Email is possible over IMAP or POP3 access, but it is not a recommended practice from a security perspective. If your email address is compromised, it could potentially lead to unauthorized access to other data, settings or features associated to the account.

11. Can I use two or more email address to receive OTP?

Currently, 2Auth only allows one email address to be registered per account for OTP delivery.

12. Can I opt for SMS instead of email to receive OTP?

2Auth only provides OTP delivery through email at the moment.

13. Can I disable 2Auth for my account?

If you decide to not use 2Auth, you can disable the feature by unchecking the “Enable Second Factor Authentication” option at your Profile > 2Auth.

14. What if the email address registered as my 2Auth Email no longer able to receive emails?

You can request your voadmin or avomaster to change your 2Auth Email to an email address that can receive the 2Auth OTP emails.

15. I'm having problems accessing my account after enabling 2Auth. What should I do?

If you experienced any issues related to 2Auth, please send the description of issue along with screenshots to helpdesk@lookafter.com for further assistance.

faq/security/2auth.txt · Last modified: 2023/10/27 10:14 by vikki