2-step verification
Overview
2-step verification enhances the security of user accounts by requiring an extra verification method in addition to user passwords. To use 2-step verification, you must install one of the following authenticator applications on your mobile device.
-
QNAP Authenticator
-
Microsoft Authenticator
-
Google Authenticator
We recommend using QNAP Authenticator, which supports all verification methods. Microsoft Authenticator and Google Authenticator only support the Security Code (TOTP) method.
-
You cannot enable 2-step verification and passwordless login at the same time.
-
Some verification methods require the myQNAPcloud service and a QNAP ID to access the NAS via the Internet. We recommend setting up myQNAPcloud and creating a QNAP ID before enabling 2-step verification if you want to remotely access your NAS.
Supported Verification Methods
QTS supports the following four verification methods for 2-step verification. You can enable multiple verification methods, and you can choose freely from these methods upon each login.
Verification Method |
Description |
---|---|
Security Code (TOTP) |
Enter a dynamic security code generated by your authenticator app every 30 seconds. This verification method does not require a network connection. Tip:
|
QR Code |
Use your authenticator app to scan a QR code displayed on the NAS login screen. |
Login Approval |
Approve a login request displayed on your authenticator app. |
Online Verification Code |
Enter an online verification code displayed on your authenticator app. |
Enabling 2-step verification with a security code (TOTP)
You can freely choose a verification method during the 2-step verification setup. Nevertheless, we recommend enabling your 2-step verification with a security code (TOTP). You can then easily enable other methods at once after completing the setup.
Security Code (TOTP) is a mandatory verification method. You still need to enable Security Code as an alternative method to complete the setup even if you choose to enable 2-step verification with other methods.
2-Step Verification is now enabled for your account. Starting from your next login, you will need to verify your identity with a security code (or with another method) after entering your password.
Enabling 2-step verification with a QR code
You must also enable the Security Code (TOTP) as an alternative verification method.
2-Step Verification is now enabled for your account. Starting from your next login, you will need to verify your identity with a QR code (or with another method) after entering your password.
Enabling 2-step verification with a login approval
You must also enable the Security Code (TOTP) as an alternative verification method.
2-Step Verification is now enabled for your account. Starting from your next login, you will need to verify your identity with a login approval (or with another method) after entering your password.
Enabling 2-step verification with an online verification code
You must also enable the Security Code (TOTP) as an alternative verification method.
2-Step Verification is now enabled for your account. Starting from your next login, you will need to verify your identity with an online verification code (or with another method) after entering your password.
Logging in with 2-step verification
When 2-step verification is enabled, after entering your password, you must verify your identity with an extra verification method: security code (TOTP), QR code, login approval, or online verification code. These methods require your mobile device. Nevertheless, if your mobile device is not available, you can still choose to receive a verification code sent to your email address.
After a successful verification, you are logged in to the NAS. The system displays the desktop and is ready for use.
If you cannot log in to the NAS with any of the above methods due to the unavailability of your mobile device and your email account, you can press the reset button on the NAS for 3 seconds to activate the default administrator account "admin", restore its default password (the MAC address of the first adapter), and then log in to the NAS with this "admin" account. You can then disable 2-step verification for your own account in
. Nevertheless, after completing the setup, you should disable the "admin" account to ensure system security.Enforcing 2-step verification
To ensure account and data security, administrators can enforce 2-step verification on specific users or groups. Once 2-step verification is enforced, users must complete the verification setup upon their next login before proceeding to any other operations.
Users with the System Management or Access Management delegated role can edit 2-step verification settings on anyone except the following users and groups:
-
Their own user accounts and their own groups
-
Users in the "Administrators" group
Disabling 2-step verification
After disabling 2-step verification, you will only be able to verify your identity with your password. Disabling 2-step verification makes your account less secure. If possible, QNAP recommends using 2-step verification to enhance your account and device security.
This topic explains how to disable 2-step verification for your own account. If you are an administrator and want to disable 2-step verification for other user accounts, go to
and then edit their account profile settings.