How to use two-factor authentication (2FA)

For your security, mailbox.org supports several variants of two-factor authentication:

  1. The best and most secure solution is to buy a mailbox.org YubiKey directly from us (pricelist). This special YubiKey will authenticate your identity by connecting to a dedicated YubiKey server in our data center. No data is transfered to third parties.
    In general, hardware tokens offer better security than software solutions on a mobile phone. See this article for further details: Webmail with one-time-passwords - YubiKey.
  2. Alternatively, you can use a generic Yubikey bought from Yubico. This key will perform authentication using the world-wide YubiCloud service.
  3. As a third variant, users may opt for any OATH-, TOTP-, HOTP- oder mOTP-compatible token generator such as those employed by smartphone apps like FreeOTP, Google Authenticator, or OATH Token (for iPhone).

mailbox.org login with PIN and One-Time-Password

If you want to login with PIN and OTP password in our mailbox.org office webinterface, you have to enter the 4-digit PIN and the One-Time-Password for password input without any whitespace char.

enter OTP and PIN

Configuration of PIN and OTP password

In the mailbox.org Office, go to Settings → mailbox.org → One Time Passwords to select your preferred authentication method.

OTP Config

Set a 4-digit PIN and select the desired OTP security level and method. 

Manage your own OTP token

When selecting the option OTP-generators and other YubiKeys, an additional tool for managing your OTP tokens will be displayed.

Here, you can see tabs that offer options for the quick configuration of Android or Apple smartphones; followed by expert settings for the configuration of arbitrary compatible tokens and for registering third-party YubiKeys; and actions for the management of existing tokens (Enable/Disable/Delete).

Manage your own OTP tokens

After having created an OTP token for a smartphone app, just scan the QR code with your phone to set up the app for generating valid tokens.

Is article helpful?