Frequently Asked Question
Security: How to enhance account security using 2-step verification?
Last Updated 4 years ago
Start 2-step verification2-step verification enhances the security of user accounts. Once enabled, you will need to enter a one-time security code (6 digits) in addition to your password whenever you sign in to the NAS. 2-step verification requires a mobile device with an authenticator app which supports the Time-based One-Time password (TOTP) protocol. Supported apps include Google Authenticator (Android/iPhone/BlackBerry) or Authenticator (Windows Phone).To use this function, follow the below steps:
(1) Install the authenticator app on your mobile device
For Android and iOS devices, install the Google Authenticator app from their respective app stores.
(2) The system time of your mobile device and NAS must be synchronized. It is recommended to use the time provided from the Internet.
(3) Go to "Options" > "2-step Verification" and click "Get Started". Complete the steps in the wizard to set up the NAS and your mobile device.
Step 1: Configure your authenticator app by scanning the QR code or by entering the Secret Key into the app.
Step 2: Enter the code generated from the app to the NAS to verify the correct configuration.
Step 3: Select an alternative verification method by emailing you a security code or by answering a security question if you cannot use your mobile device. To email a security code, the SMTP server must be properly configured in “Control Panel” > “Notification” >”E-mail”.
Sign in QTS with 2-step verificationAfter your username and password are verified, you will be promoted to enter a security code. Enter the code currently provided from the authenticator app to sign in to QTS.
If you cannot use your mobile device or your device is lost, you can select “Verify another way” to sign in with your chosen alternative verification method.
Stop 2-step verificationIf you want to disable 2-step verification, go to “Options” > “2-step Verification” and click “Stop”.
Administrators can disable 2-step verification for other NAS account users if they are locked out by going to “Control Panel” > “Users” > “Edit Account Profile”
If an administrator cannot use a mobile device to sign in to QTS and no other administrators are available to disable 2-step verification for the locked-out administrator, you can contact QNAP customer service for assistance or restore the NAS settings by physically pressing the "RESET" button (Basic System Reset). For further information, check the Hardware section in the User Manual.
- Can I use multiple mobile devices to support 2-step verification for the same NAS user account?
Yes. During the initialization, you can use different mobile devices by scanning the same QR code.
- How many times can I try to enter a security code?
2-step verification will follow the same rules defined in “Control Panel” > “Security” > “Network Access Protection” to prevent unwanted intrusions.
- How many times can I try with an alternative verification method?
Each user has five attempts at emailing a security code or answering a security question (this counter will reset after a successful login.) If a user exceeds this limit, they will need to contact their NAS administrator to disable 2-step verification.