This guide explains how to enable two-factor authentication, or two-step verification, to secure the connection to your Infomaniak account (and consequently access to kSuite tools, hosting, etc.).

Preamble

• This two-step validation, also known as multi-factor / two-factor authentication (2FA, in English two-factor authentication, 2FA) protects access to your Infomaniak account by:
  1. your chosen password
  2. and a second identity verification method, such as a code obtained on your mobile device, for example.
• If a malicious person managed to decipher or steal your password, they would still need a validation code that only the legitimate user can obtain on their mobile device.
• Refer to this other guide if you are an administrator of an Organization and want to enforce 2FA for all users who have not yet activated it.

Enable two-step validation

To increase the security level of your Infomaniak account:

1. Click here to log in and access the management of two-factor authentication on the Infomaniak Manager.
2. Once logged in, you can choose a 2FA method:
   
   1. the kAuth app for iOS / Android devices
   2. another method (see below).

Request for connection authorization via Infomaniak apps

1. From the moment you activate 2FA by configuring one of the methods presented below, it is automatically the Infomaniak apps (Mail, kChat, kDrive...) that will allow you to validate the connection when connecting from another device:
   
2. You can, of course, request on a case-by-case basis to receive the validation request on one of the other registered methods:
   
3. In this case, you access the different 2FA methods already registered on your account:
   

The different validation methods

At point a above, you can download and configure the iOS / Android kAuth app (refer to this other guide on this subject):

• It allows you to receive a push notification YES / NO to authorize or not the connection to your Infomaniak account.
• It also generates a one-time code, including offline, to allow connection.

At point b above, you can choose another method from:

1. any OTP application (such as Authy for example) to obtain a one-time code
2. YubiKey (from Yubico)
3. SMS (only for CH / FR / BE / DE countries) to obtain a one-time code

Then click the button to add the method and follow the on-screen instructions to complete the setup.

Be careful with synchronizations already in place

Once strong authentication is enabled, to access certain tools (synchronization for example) it is necessary to create application passwords.

It is not necessary to call Infomaniak, which does not have any of your codes & passwords in its possession. For any assistance request regarding 2FA, refer to this other guide.

Modify the default option or remove one

If you have enabled multiple validation methods (SMS, OTP application…), you can define the one that will be proposed by default for each connection.

1. Click here to log in and access the management of two-factor authentication on the Infomaniak Manager.
2. Click the button to set as default.
3. Click on the trash can to remove and no longer propose the selected method:
   

To completely remove 2FA, refer to this other guide.

Authenticate each time the browser is opened

To request not to keep cookies when closing browser windows, and therefore request authentication each time you access the Infomaniak Manager when you restart the browser…

... on Chrome

Specify in Google Chrome settings (chrome://settings/content/siteData to paste in the address bar or refer to the official documentation) the address [*.]infomaniak.com: