In this short (8 minute) video, I’ll teach you two important things:
- What two-factor authentication is (why it is critical, and why it’s not as complicated as it sounds),
- How to enable two-factor authentication on your Zimbra account.
Important Note: If you use your smartphone or IMAP to check your Zimbra account email, or your email app doesn’t support 2FA (which is often the case on smartphones), it is important that you also follow this tutorial to configure your Application Code. Failure to do so could result in your device getting blocked by the Zimbra server for failed authentication.
See below for a text version of the instructions provided within this video.
New to Zimbra?
Our Zimbra service provides full business email, calendar and collaboration suite, complete with ActiveSync support to allow shared calendars and folders on all your devices.
Compatible with all major operating systems and devices. Get the most out of Microsoft Outlook® and your company smartphones with our managed, fully hosted Zimbra service.
It takes just 3 minutes to secure your account with two-step authentication.
Here is a text version of the instructions provided in this video:
- Close Microsoft Outlook® on your computer, if applicable.
- In your web browser on your computer, visit https://zimbra.positiveesolutions.ca/ and login to your Zimbra account. Don’t have an account yet? Click here.
- Click on the Preferences tab at the top, followed by Accounts at the left.
- In the section Account Security, click Setup two-step authentication.
- Read the introduction and press Begin Setup.
- Confirm your password and press Next.
- Install Google Authenticator on your smartphone. Links: For Android or For iPhone.
- On your computer where Zimbra is waiting for you to proceed, click Next.
- Open Google Authenticator on your phone and press the + (plus) icon at the bottom right and choose “Enter a setup key”.
- In the Account name field, enter a friendly name, such as Zimbra or Work Email. This is only for your reference.
- In the Your key field, carefully type the setup key Zimbra is displaying in the dialog window on your computer.
- Leave Type of key set to Time Based and press Add.
- On your computer, click Next.
- Enter the numerical code being displayed for the newly added Zimbra service in Google Authenticator. Observe the timer, and wait until you have plenty of time to enter it. If the timer runs out before you finish entering the code, the code will change and no longer be valid. Click Next.
- If all went well and Zimbra says Success, you’re done! If not, follow the prompts on screen to correct the issue.
- Microsoft Outlook® users may now re-open Outlook. Since the Zimbra Connector needs to make changes to the user profile, Outlook may close almost immediately. Re-open it, and you’ll be prompted for your two-step authentication code.
Optional: In Preferences->Accounts on your Zimbra web login, you’ll see a section titled One-time Codes. Click View, and print your single-use recovery codes just in case your phone is ever lost, stolen, or malfunctioning. These codes will grant you access, working as single-use second factor codes. Keep them safely hidden away.
Stay safe.
– Robbie
Robbie Ferguson is the host of the Endpoint Security Podcast at Positive E Solutions Inc. His day-to-day includes providing security-related advice and training to companies and individuals across Canada, and offering solutions to protect against modern threats in the workplace.