# Being locked out because of MFA



## Deleted member 66267 (Mar 18, 2021)

MFA = Multi-factor Authentication

Long story short. Zoho just updated their OneAuth app on Android and I have trouble with the TOTP (Time based OTP). I entered the right strings but it always said the strings were wrong. I tried many times, though. I ended up cleared all of the browsing data on my PC and try login again while I quit and re-launch the OneAuth app on my Android phone. This time the TOTP was accepted.

Imagine you can't login to your account even though you have the correct password, it's scary. Luckily the problem was solved, but if it wasn't, I think I will need to contact Zoho for help. For the sake of security, of course. But I think I will move all of my mailing lists subscriptions to my Protonmail.


----------



## olli@ (Mar 18, 2021)

failure said:


> Imagine you can't login to your account even though you have the correct password, it's scary.


Actually that’s the purpose of two-factor authentication: The correct password alone is not sufficient, so a bad guy who snatched your password is not able to log into your account.

Of course, if Zoho made a mistake when updating their app so you had to jump through hoops, that’s a different story. That certainly shouldn’t happen.


----------



## Deleted member 66267 (Mar 19, 2021)

olli@ said:


> Actually that’s the purpose of two-factor authentication: The correct password alone is not sufficient, so a bad guy who snatched your password is not able to log into your account.
> 
> Of course, if Zoho made a mistake when updating their app so you had to jump through hoops, that’s a different story. That certainly shouldn’t happen.


Yeah, it prevented the bad guys but it prevented me, too. I know the good purpose behind it but I think I still need a normal service doesn't force using of MFA but still secure. I choose Protonmail and have moved all of my mailing lists subscription to it. Protonmail is a good backup in case I was really locked out and need to contact Zoho for help.

I admit I really panicked because I currently depend on Zoho too much. I have just generated recovery codes (this feature of Zoho allowed you to login without TOTP given you have the correct code) to deal with future situation like that. I didn't know there is such feature before.


----------

