Activating two-factor email authentication requires installing a TOTP application to Your smartphone, for example Google Authenticator for IOS or Android first.
In order to activate the 2FA, log in to your email account at Webmail.
Activating email two-factor authentication
Click on the Gear icon on the top right and View all settings.
Choose Security -> Two-factor authentication.
In the Security code menu, click Add.
After pressing the Add button, you need to open the TOTP app of your choice on your phone and scan the QR code displayed on the Webmail.ee page with your camera to add the token to the app. A 6-digit confirmation code is displayed after adding the token, which has to be inserted to the respective text box in the webmail window.
2FA is activated only if the confirmation code is correct.
After activating email two-factor authentication webmail will start asking the TOTP code besides the password. Also, it’s not possible to use the old password anymore with IMAP, POP3 and SMTP.
The TOTP code is a 6-digit number, which can be found from the TOTP application (Google Authenticator). The TOTP code changes continuously and every login it’s different.
In order to continue using IMAP, POP3 or SMTP, it’s needed to generate an application password, which can be done from the webmail. It’s suggested to use one password only on a single application or device.
Activating application password
The app password can be generated from Security -> Application Passwords by clicking the Add password button.
Then you have to add a Description of the application (e.g. Outlook or the name of the device) in the description box and press the Create button.
After pressing the button, the password of the application is displayed once and cannot be viewed again later! Enter this password into an email program and don’t save it anywhere!
Use one application password for each email application/program. This way, for example, in case of theft or loss of the device, it is possible to remove the password of one device in particular, and access to the account will be lost immediately.
Deactivating 2FA authentication
For deactivating the 2FA in the Webmail, click on the gear icon on the top right and View all settings.
Choose Security -> Two-factor authentication -> Disable.
How secure is the application password?
The application password is a 16-character long generated unique password which is displayed only once and is meant to be inserted to a specific application without saving it elsewhere. Due to secure connection to the mail server over SSL/TLS, it’s not possible to extract the password.
What happens when a 2FA device gets lost?
It is possible to disable 2FA in the E-mail and Mailboxes section of the web hosting management in the respective mailbox administration. In the Security section, it is necessary to click on the Switch off button.
