Two-Factor Authentication (2FA)
Two-factor authentication (2FA) is a security feature that adds an extra layer of protection to user accounts. As a form of multi-factor authentication, it requires users to provide two different types of credentials to log in:
Something they know – typically their password
Something they have – such as a smartphone, email account, or an authenticator app
Enabling 2FA is one of the most effective ways to protect your data and reduce the risk of unauthorized access to your ExaVault account.
When enabled, two-factor authentication applies to logins to the web interface. After entering their username and password, users will be prompted to provide a second verification method—depending on their chosen 2FA setup.
Who Can Use 2FA
Any user who is able to set their own password can also configure 2FA from their User Profile. Each user manages their own 2FA setup; neither administrators nor other users have access to view or modify another user's 2FA configuration.
This ensures that 2FA credentials remain private and secure, even from administrators.
Is 2FA Required?
2FA is optional. If your organization requires 2FA for compliance or internal security policies, each user must manually enable and configure 2FA for their own account.
At this time, there is no feature to enforce 2FA across all users, though adoption can be encouraged through policy or onboarding workflows.
Supported 2FA Methods
ExaVault offers 3 methods your users can choose from to meet their needs.
Authenticator Apps
These include apps that use TOTP (time-based one-time password) such as Google Authenticator, Duo, and Authy. Authenticator apps are typically installed and used on mobile devices.
If you've lost access to your authenticator app, you can receive a backup code via email during the login process.
SMS (Text messages)
This method is considered less secure than using an authenticator app but still offers greater security than a password alone.
If you've lost access to your phone, you can receive a backup code via email during the login process.
Email Verification
With this method, the user must supply a code sent to them via email each time they attempt to connect. Just like SMS, receiving a 2FA code by email is less secure than other options, but still better than relying on a password alone.