If this document does not correspond to your current software version, you can go to Download Center to find other available document versions.

QNAP

QTS 5.1.x

Download (PDF)

2-step verification

Overview

2-step verification enhances the security of user accounts by requiring an extra verification method in addition to user passwords. To use 2-step verification, you must install one of the following authenticator applications on your mobile device.

  • QNAP Authenticator

  • Microsoft Authenticator

  • Google Authenticator

We recommend using QNAP Authenticator, which supports all verification methods. Microsoft Authenticator and Google Authenticator only support the Security Code (TOTP) method.

Important:

  • You cannot enable 2-step verification and passwordless login at the same time.

  • Some verification methods require the myQNAPcloud service and a QNAP ID to access the NAS via the Internet. We recommend setting up myQNAPcloud and creating a QNAP ID before enabling 2-step verification if you want to remotely access your NAS.

Supported Verification Methods

QTS supports the following four verification methods for 2-step verification. You can enable multiple verification methods, and you can choose freely from these methods upon each login.

Verification Method

Description

Security Code (TOTP)

Enter a dynamic security code generated by your authenticator app every 30 seconds. This verification method does not require a network connection.

Tip:

  • Security Code (TOTP) is a mandatory verification method if you enable 2-step verification.

  • This verification method also supports Microsoft Authenticator and Google Authenticator.

QR Code

Use your authenticator app to scan a QR code displayed on the NAS login screen.

Login Approval

Approve a login request displayed on your authenticator app.

Online Verification Code

Enter an online verification code displayed on your authenticator app.

Enabling 2-step verification with a security code (TOTP)

You can freely choose a verification method during the 2-step verification setup. Nevertheless, we recommend enabling your 2-step verification with a security code (TOTP). You can then easily enable other methods at once after completing the setup.

Important:

Security Code (TOTP) is a mandatory verification method. You still need to enable Security Code as an alternative method to complete the setup even if you choose to enable 2-step verification with other methods.

  1. Click your username on the desktop task bar.
  2. Select Login and Security.

    The Login and Security window appears.

  3. Go to the 2-Step Verification tab.
  4. Specify a recovery email address.
    Tip:

    This allows the system to send you messages via your email address when you cannot access your mobile device. You can choose to use the personal email address specified in your user profile as the recovery email address.

  5. Click Get Started.

    The Verify Your Identity window appears.

  6. Enter your password to confirm this action.
  7. Click OK.

    QTS displays available verification methods in a new window.

  8. Select Security Code (TOTP).
  9. Click Start.
  10. On your mobile device, download and install QNAP Authenticator from Apple App Store or Google Play.
  11. Click Next.
  12. Open QNAP Authenticator and scan the QR code displayed on the computer screen.

    QNAP Authenticator connects to your NAS and adds the NAS to the device list.

  13. On your QNAP Authenticator, go to the TOTP tab.

    QNAP Authenticator displays a dynamic security code that is automatically renewed every 30 seconds.

  14. On the NAS, enter the security code currently displayed on QNAP Authenticator.
    Tip:

    QNAP Authenticator displays a security code with a space in the middle. However, you do not need to insert a space when entering a security code on the NAS.

  15. Click Verify.
  16. Click Finish.

    The Verify Your Identity window appears.

  17. Enter your password to confirm this action.
  18. Click OK.

    QTS displays a summary of your 2-step verification settings.

  19. Optional: Enable more verification methods.

    • QR Code

    • Login Approval

    • Online Verification Code

2-Step Verification is now enabled for your account. Starting from your next login, you will need to verify your identity with a security code (or with another method) after entering your password.

Enabling 2-step verification with a QR code

Important:

You must also enable the Security Code (TOTP) as an alternative verification method.

  1. Click your username on the desktop task bar.
  2. Select Login and Security.

    The Login and Security window appears.

  3. Go to the 2-Step Verification tab.
  4. Specify a recovery email address.
    Tip:

    This allows the system to send you messages via your email address when you cannot access your mobile device. You can choose to use the personal email address specified in your user profile as the recovery email address.

  5. Click Get Started.

    The Verify Your Identity window appears.

  6. Enter your password to confirm this action.
  7. Click OK.

    QTS displays available verification methods in a new window.

  8. Select QR Code.
  9. Click Start.
  10. On your mobile device, download and install QNAP Authenticator from Apple App Store or Google Play.
  11. Click Next.
  12. Open QNAP Authenticator and scan the QR code displayed on the computer screen.

    QNAP Authenticator connects to your NAS and adds your NAS to the device list.

  13. Click Next.

    QTS displays a summary of your 2-step verification settings.

  14. Optional: Enable more verification methods.

    • QR Code

    • Login Approval

    • Online Verification Code

  15. Click Next.

    The Verify Your Identity window appears.

  16. Enter your password to confirm this action.
  17. Click Finish.
  18. Set up Security Code (TOTP) as an alternative verification method.
    1. Use your QNAP Authenticator to scan the QR code displayed on the computer screen.

      QNAP Authenticator displays a dynamic security code that is automatically renewed every 30 seconds.

    2. On the NAS, click Next.
    3. On the NAS, enter the security code currently displayed on your QNAP Authenticator.
    4. Click Verify.
  19. Click Finish.

    QTS displays a summary of your 2-step verification settings.

2-Step Verification is now enabled for your account. Starting from your next login, you will need to verify your identity with a QR code (or with another method) after entering your password.

Enabling 2-step verification with a login approval

Important:

You must also enable the Security Code (TOTP) as an alternative verification method.

  1. Click your username on the desktop task bar.
  2. Select Login and Security.

    The Login and Security window appears.

  3. Go to the 2-Step Verification tab.
  4. Specify a recovery email address.
    Tip:

    This allows the system to send you messages via your email address when you cannot access your mobile device. You can choose to use the personal email address specified in your user profile as the recovery email address.

  5. Click Get Started.

    The Verify Your Identity window appears.

  6. Enter your password to confirm this action.
  7. Click OK.

    QTS displays available verification methods in a new window.

  8. Select Login Approval.
  9. Click Start.
  10. On your mobile device, download and install QNAP Authenticator from Apple App Store or Google Play.
  11. Click Next.
  12. Open QNAP Authenticator and scan the QR code displayed on the computer screen.

    QNAP Authenticator connects to your NAS and displays a verification code.

  13. Verify whether QTS also displays the same verification code.
  14. On QNAP Authenticator, tap Approve if both verification codes match.

    QTS displays a summary of your 2-step verification settings.

  15. Optional: Enable more verification methods.

    • QR Code

    • Login Approval

    • Online Verification Code

  16. Click Next.

    The Verify Your Identity window appears.

  17. Enter your password to confirm this action.
  18. Set up Security Code (TOTP) as an alternative verification method.
    1. Use your QNAP Authenticator to scan the QR code displayed on the computer screen.

      QNAP Authenticator displays a dynamic security code that is automatically renewed every 30 seconds.

    2. On the NAS, click Next.
    3. On the NAS, enter the security code currently displayed on your QNAP Authenticator.
    4. Click Verify.
  19. Click Finish.

    QTS displays a summary of your 2-step verification settings.

2-Step Verification is now enabled for your account. Starting from your next login, you will need to verify your identity with a login approval (or with another method) after entering your password.

Enabling 2-step verification with an online verification code

Important:

You must also enable the Security Code (TOTP) as an alternative verification method.

  1. Click your username on the desktop task bar.
  2. Select Login and Security.

    The Login and Security window appears.

  3. Go to the 2-Step Verification tab.
  4. Specify a recovery email address.
    Tip:

    This allows the system to send you messages via your email address when you cannot access your mobile device. You can choose to use the personal email address specified in your user profile as the recovery email address.

  5. Click Get Started.

    The Verify Your Identity window appears.

  6. Enter your password to confirm this action.
  7. Click OK.

    QTS displays available verification methods in a new window.

  8. Select Online Verification Code.
  9. Click Start.
  10. On your mobile device, download and install QNAP Authenticator from Apple App Store or Google Play.
  11. Click Next.
  12. Open QNAP Authenticator and scan the QR code displayed on the computer screen.

    QNAP Authenticator connects to your NAS and displays a verification code.

  13. On the NAS, enter the verification code displayed on your QNAP Authenticator.
  14. Click Verify.
  15. Click Next.

    QTS displays a summary of your 2-step verification settings.

  16. Optional: Enable more verification methods.

    • QR Code

    • Login Approval

    • Online Verification Code

  17. Click Next.

    The Verify Your Identity window appears.

  18. Enter your password to confirm this action.
  19. Set up Security Code (TOTP) as an alternative verification method.
    1. Use your QNAP Authenticator to scan the QR code displayed on the computer screen.

      QNAP Authenticator displays a dynamic security code that is automatically renewed every 30 seconds.

    2. On the NAS, click Next.
    3. On the NAS, enter the security code currently displayed on your QNAP Authenticator.
    4. Click Verify.
  20. Click Finish.

    QTS displays a summary of your 2-step verification settings.

2-Step Verification is now enabled for your account. Starting from your next login, you will need to verify your identity with an online verification code (or with another method) after entering your password.

Logging in with 2-step verification

When 2-step verification is enabled, after entering your password, you must verify your identity with an extra verification method: security code (TOTP), QR code, login approval, or online verification code. These methods require your mobile device. Nevertheless, if your mobile device is not available, you can still choose to receive a verification code sent to your email address.

  1. Connect to your NAS.

    The NAS displays the login screen.

  2. Enter your username.
  3. Click Next.
  4. Enter your password.
  5. Click Next.
  6. Verify your identify.
    Tip:

    You can click Try another way to select a different verification method.

    Verification Method

    User Action

    Security Code (TOTP)

    1. Open QNAP Authenticator and go to the TOTP tab.

    2. On the NAS, enter the security code currently displayed on QNAP Authenticator.

    3. Click Next.

    QR Code

    Open QNAP Authenticator and scan the QR code displayed on the NAS login screen.

    Login Approval

    1. Verify whether the NAS and QNAP Authenticator display the same security code.

    2. Tap Approve on QNAP Authenticator.

    Online Verification Code

    1. Open QNAP Authenticator and check the verification code.

    2. On the NAS, enter the verification code.

    3. Click Next.

    Email

    1. Enter the verification code sent to your email address.

    2. Click Next.
  7. Optional: Enable Don't verify again on this device if you want to reduce verification frequency on this device.

After a successful verification, you are logged in to the NAS. The system displays the desktop and is ready for use.

Tip:

If you cannot log in to the NAS with any of the above methods due to the unavailability of your mobile device and your email account, you can press the reset button on the NAS for 3 seconds to activate the default administrator account "admin", restore its default password (the MAC address of the first adapter), and then log in to the NAS with this "admin" account. You can then disable 2-step verification for your own account in Control Panel > Privilege > Users > Account Profile. Nevertheless, after completing the setup, you should disable the "admin" account to ensure system security.

Enforcing 2-step verification

To ensure account and data security, administrators can enforce 2-step verification on specific users or groups. Once 2-step verification is enforced, users must complete the verification setup upon their next login before proceeding to any other operations.

Note:

Users with the System Management or Access Management delegated role can edit 2-step verification settings on anyone except the following users and groups:

  • Their own user accounts and their own groups

  • Users in the "Administrators" group

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Security > 2-step Verification.

    QTS displays a list of users and their 2-step verification status.

    Tip:

    You can select an option from the drop-down list to view the current status of local users, local groups, domain users, and domain groups.

    Status

    Description

    Enabled

    2-step verification is enabled for this user.

    Disabled

    2-step verification is disabled for this user.

    Incomplete

    2-step verification is enforced for this user, but this user has not completed the setup.
  3. Select users or groups on whom you want to enforce 2-step verification.
  4. Click Apply.

    The verification status of the selected users changes from Disabled to Incomplete. When the selected users complete the setup, the status will change to Enabled.

Disabling 2-step verification

After disabling 2-step verification, you will only be able to verify your identity with your password. Disabling 2-step verification makes your account less secure. If possible, QNAP recommends using 2-step verification to enhance your account and device security.

Important:

This topic explains how to disable 2-step verification for your own account. If you are an administrator and want to disable 2-step verification for other user accounts, go to Control Panel > Privilege > Users and then edit their account profile settings.

  1. Click your username on the desktop task bar.
  2. Select Login and Security.

    The Login and Security window appears.

  3. Go to the 2-Step Verification tab.
  4. Under Protect your account with 2-Step Verification, click Disable.

    The Verify Your Identity window appears.

  5. Enter your password.
  6. Click OK.