Two-Factor Authentication (2FA) adds an extra layer of security to your Zecurit account by requiring a one-time passcode (OTP) in addition to your regular password. This helps protect your organization from unauthorized access, even if login credentials are compromised.
Note: Only the Super Admin can enable or disable 2FA for your organization.
What Happens When 2FA is Enabled?
- Mandatory for All Users: Once 2FA is turned on, it becomes required for every user on the platform.
- Setup on Next Login: Users will be prompted to complete their 2FA setup during their next login session.
- OTP Delivery: A One-Time Passcode is sent to the user’s registered email address.
- OTP Validity: The passcode is valid for 15 minutes from the time it is generated.
Login Flow with 2FA Enabled
1. User enters username and password as usual.
2. Zecurit sends an OTP to the registered email.
3. User enters the OTP to complete login.
Super Admin Control
| Action | Description |
|---|---|
| Enable/Disable 2FA | Only the Super Admin can toggle this setting under Settings → Security → 2F Authentication |
| Global Enforcement | Once enabled, applies to all users |
| No User Opt-Out | Individual users cannot bypass or disable 2FA |
Account Lockout Protection
To safeguard against brute-force attacks, we’ve implemented an account lockout policy.
- 5 incorrect OTP attempts → The user’s account is temporarily locked.
- Both Super Admin and Administrators have the ability to unlock these accounts.
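
The 15-minute validity window and the 5-attempt lockout described above, modelled as an added Python example (not Zecurit's own code). The 6-digit code length, single-use codes, the role names, and counting failures across reissued codes until a success or unlock are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 15 * 60    # from the page: OTP valid for 15 minutes
MAX_FAILED_ATTEMPTS = 5      # from the page: 5 incorrect OTP attempts lock the account
UNLOCK_ROLES = {"super_admin", "administrator"}  # role names are hypothetical

@dataclass
class OtpState:
    code: str = ""
    issued_at: float = 0.0
    failures: int = 0
    locked: bool = False

class OtpPolicy:
    def __init__(self, clock=time.time):
        self.clock = clock            # injectable so expiry can be tested
        self.users = {}

    def issue(self, user):
        st = self.users.setdefault(user, OtpState())
        if st.locked:
            return None               # no new codes while the account is locked
        st.code = f"{secrets.randbelow(10**6):06d}"  # 6 digits: assumption
        st.issued_at = self.clock()
        return st.code

    def verify(self, user, submitted):
        st = self.users.get(user)
        if st is not None and st.locked:
            return "locked"
        if st is None or not st.code:
            return "no_otp"
        if self.clock() - st.issued_at > OTP_TTL_SECONDS:
            st.code = ""              # expired codes are discarded
            return "expired"
        # Constant-time comparison avoids leaking matching digits via timing.
        if hmac.compare_digest(submitted.encode(), st.code.encode()):
            st.code, st.failures = "", 0   # single use; reset failure counter
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILED_ATTEMPTS:
            st.locked, st.code = True, ""
            return "locked"
        return "invalid"

    def unlock(self, user, actor_role):
        st = self.users.get(user)
        if st is None or actor_role not in UNLOCK_ROLES:
            return False
        st.locked, st.failures = False, 0
        return True
```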
Troubleshooting
- Didn’t Receive OTP?
  - Check your spam or junk folder.
  - Ensure your registered email is correct.
- Locked Out?
  - Contact your Super Admin or IT administrator for help unlocking your account.
- Email Delivery Delays?
  - Delays may occur due to mail server issues. Wait briefly and retry.