2-step Verification

2-step verification enhances the security of user accounts. When the feature is enabled, users are required to specify a six-digit security code in addition to the account credentials during the login process.

To use 2-step verification, you must install an authenticator application on your mobile device. The application must implement verification services using the Time-based One-time Password Algorithm (TOTP). QTS supports Google Authenticator (for Android, iOS, and BlackBerry) and Authenticator (for Windows Phone).

Enabling 2-step Verification

Important:

When enabling 2-step verification, you will be logged out of all applications, browsers, and devices where you have logged in with your account. You will have to log in again after completing this setting.

Install an authenticator application on your mobile device.
QTS supports the following applications:
- Google Authenticator: Android, iOS, and BlackBerry
- Authenticator: Windows Phone
Verify that the system times of the NAS and mobile device are synchronized.

Tip:
QNAP recommends connecting to an NTP server to ensure that your NAS follows the Coordinated Universal Time (UTC) standard.
In QTS, go to Options > 2-step Verification.
Click Get Started.

The 2-step Verification window opens.
Open the authenticator application on your mobile phone.
Configure the application by scanning the QR code or specifying the security key displayed in the 2-step Verification window.
In the 2-step Verification window, click Next.

The Confirm your 2-step verification settings screen appears.
Specify the security code generated by the authenticator application.

Select an alternative verification method that will be used whenever your mobile device is inaccessible.

Method	Steps
Answer a security question.	Select one of the options or provide your own security question.
Email a security code.	Go to Control Panel > Notification Center > Service Account and Device Pairing > Email. Verify that the SMTP server is correctly configured.

Click Finish.

Logging in to QTS Using 2-step Verification

Specify your username and password.
Specify the security code generated by the authenticator application installed on your mobile device.

Tip:
If your mobile device is inaccessible, click Verify another way. You can choose to answer a security question or receive a security code via email to verify your identity.
Click Login.

Disabling 2-step Verification

We recommend enabling 2-step verification to ensure your data and device security. However, you can disable 2-step verification if you or other users are locked out of your accounts.

Important:

When disabling 2-step verification, you will be logged out of all applications, browsers, and devices where you have logged in with your account. You will have to log in again after completing the setting.

Perform one of the following tasks according to your situation.

Situation	User Action	Steps
Users are locked out of their accounts.	Administrators can disable 2-step verification from the Control Panel.	Go to Control Panel > Privilege > Users. Identify a locked out user, and then click . Deselect 2-step Verification. Click OK.
An administrator is locked out and no other administrators can access the account.	An administrator must restore the factory settings.	Press the RESET button on the back of the NAS for three seconds. The NAS restores the default administrator password and network settings. Note: For information on the default admin password, see Backup/Restore. Warning: Do not press the RESET button for too long. Pressing the RESET button for 10 seconds restores the system default settings and deletes all users, user groups, and shared folders previously created. Nevertheless, the user data stored on the disks will be retained.

Situation

User Action

Steps

Users are locked out of their accounts.

Administrators can disable 2-step verification from the Control Panel.

Go to Control Panel > Privilege > Users.
Identify a locked out user, and then click .
Deselect 2-step Verification.
Click OK.

An administrator is locked out and no other administrators can access the account.

An administrator must restore the factory settings.

Press the RESET button on the back of the NAS for three seconds.

The NAS restores the default administrator password and network settings.

Note:

For information on the default admin password, see Backup/Restore.

Warning:

Do not press the RESET button for too long. Pressing the RESET button for 10 seconds restores the system default settings and deletes all users, user groups, and shared folders previously created. Nevertheless, the user data stored on the disks will be retained.

Enforcing 2-step Verification

To ensure account and data security, administrators can enforce 2-step verification on specific users or groups. Once 2-step verification is enforced, users must complete the verification setup upon their next login before proceeding to any other operations.

Log on to QTS as administrator.

Go to Control Panel > System > Security > 2-step Verification.

QTS displays a user list and their 2-step verification status.

Status	Description
Enabled	2-step verification is enabled on this user.
Disabled	2-step verification is disabled on this user.
Incomplete	2-step verification is enforced on this user, but this user has not completed the setup.

Select users or groups on whom you want to enforce 2-step verification.
Click Apply.

The verification status of the selected users changes from Disabled to Incomplete. When the selected users complete the setup, the status will change to Enabled.