Activating two-factor authentication
Before activating the 2FA, it’s needed to install a TOTP application to Your smartphone, for example Google Authenticator for IOS or Android.
The 2FA can be enabled in the webmail from Settings -> Security -> Two-factor authentication.
After pressing the Enable button, you need to open the TOTP app of your choice on your phone and scan the QR code displayed on the Webmail.ee page with your camera to add the token to the app. A 6-digit confirmation code is displayed after adding the token, which has to be inserted to the respective text box in the webmail window.
2FA is activated only if the confirmation code is correct.
After activating the 2FA, webmail will start asking the TOTP code besides the password. Also, it’s not possible to use the old password anymore with IMAP, POP3 and SMTP.
The TOTP code is a 6-digit number, which can be found from the TOTP application (Google Authenticator). The TOTP code changes continuously and every login it’s different.
In order to continue using IMAP, POP3 or SMTP, it’s needed to generate an application password, which can be done from the webmail. It’s suggested to use one password only on a single application or device.
Activating application password
The app password can be generated from Settings -> Security -> Application Passwords by clicking the Create a new password button.
Then you have to add a description of the application (e.g. Outlook) in the description box and press the Create button.
After pressing the button, the password of the application is displayed once and cannot be viewed again later! Enter this password into an email program and don’t save it anywhere!
Use one application password for each email application/program. This way, for example, in case of theft or loss of the device, it is possible to remove the password of one device in particular, and access to the account will be lost immediately.
Switching off 2FA
In order to deactivate 2FA in webmail, you need to go to Security -> Two-factor authentication in your webmail settings and click on the Disable button.
How secure is the application password?
The application password is a 16-character long generated unique password which is displayed only once and is meant to be inserted to a specific application without saving it elsewhere. Due to secure connection to the mail server over SSL/TLS, it’s not possible to extract the password.
What happens when a 2FA device gets lost?
It is possible to disable 2FA in the E-mail and Mailboxes section of the web hosting management in the respective mailbox administration. In the Security section, it is necessary to click on the Switch off button.
