Two-Factor Authentication (2FA)

Two-factor authentication (2FA) adds a second credential to the login flow, so a stolen password alone isn't enough to access an account. As a form of multi-factor authentication, it requires users to provide two different types of credentials to log in:

  1. Something they know, typically their password.

  2. Something they have, such as a smartphone, email account, or an authenticator app.

Enabling 2FA is one of the most effective ways to protect your data and reduce the risk of unauthorized access to your ExaVault account.

When enabled, two-factor authentication applies to logins to the web interface. After entering their username and password, users are prompted for a second verification method, depending on their chosen 2FA setup.

Who Can Use 2FA

Any user who can set their own password can also configure 2FA from their User Profile. Each user manages their own 2FA setup; neither administrators nor other users can view or modify another user's 2FA configuration. 2FA credentials stay private even from administrators.

Is 2FA Required?

2FA is optional. If your organization requires 2FA for compliance or internal security policies, each user must enable and configure 2FA on their own account.

ExaVault does not have a setting that mandates 2FA across all users. Adoption is driven through policy or onboarding workflows.

Supported 2FA Methods

ExaVault offers three methods your users can choose from to meet their needs.

Authenticator Apps

These are apps that use TOTP (time-based one-time password), such as Google Authenticator, Duo, and Authy. Authenticator apps are typically installed and used on mobile devices.

If you've lost access to your authenticator app, you can receive a backup code via email during the login process.

SMS (Text Messages)

This method is less secure than an authenticator app but still offers greater security than a password alone.

If you've lost access to your phone, you can receive a backup code via email during the login process.

Email Verification

With this method, the user supplies a code sent to them via email each time they attempt to connect. Like SMS, email-based 2FA is less secure than other options but still better than relying on a password alone.
