WebMail Lite 8 Documentation

Two-factor authentication

Starting from version 8.2.4, WebMail Lite 8 offers support for two-factor authentication, also known as 2-step verification. The idea behind this approach allows users to increase their account security by having to enter PIN code obtained via authentication application installed on their mobile device. It can be used with any 2-step authentication app, such as Google Authenticator or Authy.

Two-factor auth is implemented as module which need to be installed by system administrator. You can download the module here. For installation instructions, see the guidelines on adding modules. Also, be sure to purge data/cache/ directory content to avoid translation issues.

Plugin supports optional parameter set in data/settings/modules/TwoFactorAuth.config.json file:

"ClockTolerance": [
    2,
    "int"
]

This will accept codes starting from ClockTolerance 30sec ago to ClockTolerance 30sec from now. Increasing this value may help resolving auth issues caused by inexact time sync.

Once the module is installed, a new tab "Two Factor Verification" is added to user account settings area. In there, user can enable authentication for their account, and proceed by scanning QR code from that page or by manually entering secret key into their authentication app.

Assuming user has enabled and set up 2-step verification for their account, they will get additional popup upon next login to WebMail Lite 8, where they're required to enter PIN code obtained from authentication app installed on their mobile device.

NB: Currently, there's a known conflict between this functionality and accessing DAV server. We're researching it now.