CodaMail

Enhancing Your Account Security with Two-Factor Authentication

Two-factor authentication (2FA) adds an essential layer of security to your CodaMail account. With 2FA enabled, logging in requires both your password and a temporary code generated by an authenticator app on your phone.

This guide will walk you through setting up and testing 2FA on your CodaMail account.

Before You Begin

  • Install a TOTP authenticator app on your mobile device. We recommend:
  • Log in to your CodaMail account before proceeding
  • Make sure your device's time is correctly synchronized, as TOTP codes are time-based

Step 1: Access 2FA Settings

  1. Log in to your CodaMail account
  2. Click on Settings on the left side menu (gear icon)
  3. Select 2-Factor Authentication from the settings menu
    (scroll down, it's at the bottom)

This will take you to the 2FA configuration page.

Step 2: Configure 2FA

  1. Check the box next to Activate to enable two-factor authentication
  2. A secret key will be automatically generated and placed in the secret field, where it is masked like a password (hidden)
  3. Click Show Secret to view the secret key
  4. To generate a new secret key, click New Secret
  5. Recovery codes are automatically generated. Click Show Recovery Codes to view them
  6. If you want new recovery codes, click New Recovery Codes
  7. A QR code will be displayed after clicking Show Secret. This can be scanned with your authenticator app

Important: Record your recovery codes in a secure place. Each recovery code can be used once to log in if you lose access to your authenticator app.

Step 3: Set Up Your Authenticator App

For Aegis Authenticator (Android):

  1. Open Aegis Authenticator on your Android device
  2. Tap the + (plus) button to add a new account
  3. Select "Scan QR Code" and point your camera at the QR code displayed on your CodaMail 2FA setup page
  4. Alternatively, select "Enter Manually" and enter:
    • Name/Issuer: CodaMail
    • Type: TOTP
    • Secret: [Your Secret Key from CodaMail]
    • Leave other settings at their defaults (Period: 30, Digits: 6, Algorithm: SHA1)
  5. Tap the checkmark or Save button to complete setup

For 2FAS Authenticator (iOS):

  1. Open 2FAS Authenticator on your iOS device
  2. Tap the + button to add a new account
  3. Select "Scan QR Code" and point your camera at the QR code displayed on your CodaMail 2FA setup page
  4. Alternatively, select "Manual Entry" and enter:
    • Service name: CodaMail
    • Secret key: [Your Secret Key from CodaMail]
    • Leave other settings at their defaults
  5. Tap Add to complete setup

Step 4: Test Your 2FA Setup

Before saving your 2FA configuration, it's essential to verify that your authenticator app is correctly generating codes:

  1. On the CodaMail 2FA setup page, locate the "Test the generated Passcode here" section
    (you may need to scroll down to see it)
  2. Open your authenticator app and view the 6-digit code for CodaMail
  3. Enter this code in the test field provided
  4. Click Check Code

If the code is correct, you'll see a "Code OK" message, confirming that your authenticator app is properly synchronized with CodaMail.

If you see "Incorrect code", check that:

  • Your device's time is correctly synchronized
  • You're entering the code quickly before it changes (codes update every 30 seconds)
  • The secret key was scanned or entered correctly in your authenticator app
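
Why a correct secret can still give "Incorrect code", as an added example (not CodaMail's own code): a standard RFC 6238 TOTP generator using the defaults listed in Step 3 (SHA1, 30-second period, 6 digits). The secret is the public RFC 6238 test key, the timestamps are constructed, and the one-step tolerance in check_code is an assumption, since this guide does not say how much clock drift CodaMail accepts.

```python
import base64
import hashlib
import hmac
import struct

# Public RFC 6238 test key ("12345678901234567890" in Base32), not a real secret.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, period=30, digits=6):
    """RFC 6238 code for a given time: HMAC-SHA1, 30-second period, 6 digits."""
    # Secrets are often shown in lowercase or in groups; normalise and re-pad.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = int(unix_time) // period          # number of periods since 1970
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def check_code(secret_b32, submitted, server_time, window=1, period=30):
    """Return the matching step offset (0 = current period) or None.

    window=1 (one period either side) is an assumption for illustration only.
    """
    for step in sorted(range(-window, window + 1), key=abs):
        expected = totp(secret_b32, server_time + step * period, period)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None


if __name__ == "__main__":
    shown_at = 1111111109        # constructed: the app displays the code now
    code = totp(SECRET, shown_at)
    print("code on phone :", code)
    # Two seconds later the 30-second period has rolled over on the server.
    print("strict check  :", check_code(SECRET, code, shown_at + 2, window=0))
    print("one-step slack:", check_code(SECRET, code, shown_at + 2))
    # A phone clock running five minutes fast yields a code from a later period.
    drifted = totp(SECRET, shown_at + 300)
    print("5 min drift   :", check_code(SECRET, drifted, shown_at))
```

A code typed just after the period rolls over only passes if the verifier allows the previous period, while a clock that is minutes off produces codes no small tolerance will accept, which is why time synchronization is the first thing to check.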

Step 5: Save Your 2FA Configuration

  1. After successfully testing a code, click the Save button to activate 2FA on your account
  2. You'll see a confirmation message that your 2FA settings have been saved
  3. From now on, you'll need to enter a code from your authenticator app when logging in

Important: Make sure you have:

  • Successfully set up your authenticator app
  • Verified a code works with the "Check Code" feature
  • Saved your recovery codes in a secure location

Without these steps, you risk being locked out of your account.

Logging In With 2FA

Now that 2FA is enabled, here's how your login process will work:

  1. Enter your username and password on the CodaMail login page as usual
  2. After password verification, you'll be redirected to a 2FA code entry page
  3. Open your authenticator app and look at the current 6-digit code for CodaMail
  4. Enter this code in the provided field
  5. You can check "Don't ask me codes again on this computer for X days" to temporarily bypass 2FA on trusted devices
  6. Click Proceed to complete the login

Note: TOTP codes change every 30 seconds. If a code is about to expire, wait for the next code before entering it.

Using Recovery Codes

If you lose access to your authenticator app, you can use one of your recovery codes instead:

  1. On the 2FA code entry screen, enter one of your saved recovery codes
  2. Each recovery code can only be used once
  3. After successfully logging in with a recovery code, immediately set up a new authenticator app and generate new recovery codes

Warning: If you use all your recovery codes and don't have access to your authenticator app, you may be permanently locked out of your account. Contact our helpdesk immediately if this occurs.

Managing Your 2FA Settings

You can modify your 2FA settings at any time after setup:

  • Disable 2FA: Uncheck the "Activate" box and save your settings
  • Generate a new secret: Click "New Secret", set up your authenticator app with the new secret, and save
  • Generate new recovery codes: Click "New Recovery Codes", save the new codes in a secure location, and save settings

Note: Any changes to your 2FA settings require you to be logged in and already authenticated.

Authenticator App Setup Guides

Aegis Authenticator Setup (Android)

  1. Download and install Aegis Authenticator from Google Play Store or F-Droid
  2. Open Aegis and complete the initial setup wizard
    • It's highly recommended to choose password or biometric protection for your vault
    • This ensures your 2FA tokens remain secure even if your phone is lost or stolen
  3. To add your CodaMail account:
    • Tap the + button in the bottom-right corner
    • Choose "Scan QR Code" or "Enter Manually"
    • For manual entry, select "TOTP" as the type
    • Enter your secret key exactly as shown in your CodaMail 2FA settings
    • Add a name like "CodaMail" and optionally customize the icon
    • Tap the checkmark to save
  4. To create a backup of your 2FA tokens:
    • Tap the three-dot menu and select "Settings"
    • Choose "Backups"
    • Select "Create backup"
    • Choose to encrypt your backup with a password (recommended)
    • Store this backup securely, as it contains all your 2FA secrets

2FAS Authenticator Setup (iOS)

  1. Download and install 2FAS Authenticator from the App Store
  2. Open 2FAS and complete any initial setup screens
  3. To add your CodaMail account:
    • Tap the + button at the bottom
    • Select "Scan QR Code" to scan the QR code from your CodaMail 2FA settings
    • For manual setup, select "Manual Entry"
    • Enter your secret key exactly as shown in CodaMail
    • Add a service name like "CodaMail"
    • Tap "Add" to complete setup
  4. To enable iCloud backup (recommended):
    • Tap the menu icon and select "Settings"
    • Toggle on "iCloud Backup" to securely sync across iOS devices
  5. To secure the app:
    • In Settings, enable "Face ID/Touch ID" or "Passcode" protection

Troubleshooting

QR Code Not Displaying:

If you're using an anti-fingerprinting plugin or restrictive browser settings, the QR code might not display. Try temporarily disabling these features or use the manual entry method with your secret key.

Codes Not Matching:

  • Ensure your device's time is properly synchronized. TOTP codes are time-based and require accurate time settings.
  • For Android: Settings > System > Date & Time > Enable "Automatic date & time"
  • For iOS: Settings > General > Date & Time > Enable "Set Automatically"

Can't Log In After Enabling 2FA:

  • Use one of your recovery codes to gain access
  • Ensure you're entering the code from the authenticator app quickly before it expires
  • Contact our helpdesk if you've lost access to both your authenticator app and recovery codes

Security Best Practices

  • Store recovery codes securely: Keep these codes in a password manager or secure physical location separate from your authenticator app
  • Back up your authenticator app: Most authenticator apps offer backup options - use them to avoid losing access if your device is lost or damaged
  • Consider multiple authenticator apps: Set up the same TOTP secret on multiple devices as a fallback
  • Update your recovery codes periodically: Generate new recovery codes occasionally for enhanced security
  • Don't use "Remember this device" on shared or public computers

Need Help?

If you encounter any issues with your 2FA setup or need assistance, please contact our helpdesk.