/* Error on https://blogs.kolabnow.com/wp-content/themes/kolabnowblogs/fonts/fonts.css : Access to private/internal IPs is not allowed */ /* Error on https://blogs.kolabnow.com/wp-content/themes/kolabnowblogs/css/bootstrap.css : Access to private/internal IPs is not allowed */ /* Error on https://blogs.kolabnow.com/wp-content/themes/kolabnowblogs/js/fa/css/fontawesome-all.min.css : Access to private/internal IPs is not allowed */ /* Error on https://blogs.kolabnow.com/wp-content/themes/kolabnowblogs/style.css : Access to private/internal IPs is not allowed */ /* Error on https://blogs.kolabnow.com/wp-content/themes/kolabnowblogs/mobile.css : Access to private/internal IPs is not allowed */ /* Error on https://blogs.kolabnow.com/wp-includes/css/dist/block-library/style.min.css?ver=6.3.7 : Access to private/internal IPs is not allowed */ /* Error on https://blogs.kolabnow.com/wp-content/plugins/email-subscribers/lite/public/css/email-subscribers-public.css?ver=5.9.8 : Access to private/internal IPs is not allowed */ /* Error on https://blogs.kolabnow.com/wp-content/plugins/wordpress-popular-posts/assets/css/wpp.css?ver=7.3.6 : Access to private/internal IPs is not allowed */ /* Error on https://blogs.kolabnow.com/wp-content/themes/kolabnowblogs/js/slick/slick.css : Access to private/internal IPs is not allowed */ /* Error on https://blogs.kolabnow.com/wp-content/themes/kolabnowblogs/js/slick/slick-theme.css : Access to private/internal IPs is not allowed */ /* Error on https://blogs.kolabnow.com/wp-content/themes/kolabnowblogs/css/mobilemenu.css : Access to private/internal IPs is not allowed */

Blog > Experimenting with TOTP Two Factor Authentication

Experimenting with TOTP Two Factor Authentication

We’re currently experimenting with an implementation of TOTP-based 2 factor authentication, allowing our customers to use a second factor.

Until now, Kolab Now required its users to supply a username and a password. This is considered only a single factor, since the username is your email address and thus known to third parties.

User accounts could, in the near future, be configured such as to require a second factor; if the password to the account is something you know, then a second factor is something you have — in our case, a smartphone with an app.

It comes with a few connotations; only the web client supports 2-factor authentication (2FA). User accounts that are configured to require a second factor will therefore be blocked at the IMAP, POP, ActiveSync, CalDAV, CardDAV and WebDAV level. In other words, a 2FA account can only use the web client.

Stay tuned for updates on the implementation timeline, where we implement this new functionality in production.