Two-factor Authentication (2FA)
Two-factor authentication (2FA) is a good way to improve the security of an account, to make it less likely that an other person will manage to log in instead of you.
Practically, it means storing a secret inside an authenticator (usually your cell phone) and exchanging a code from the authenticator when you try to log in.
This means an attacker needs both to have guessed (or found) your password and to access (or steal) your authenticator, a more difficult proposition than either one or the other.
With the introduction of Odoo 14, two-factor authentication is by default integrated into Odoo. However, it must be activated by the user. On this page you will find a step-by-step description of how to set up and activate two-factor authentication in Odoo yourself.
We will use Google Authenticator for demonstration purposes, however Authy works in a similar way. Both authenticators have their specific advantages and the choice will depend on your personal preference.
SETting up TWO-FACTOR AUTHENTICATION
After installing the authenticator app, log in to your Odoo environment and click in your personal menu at the top right, and then click on the option "My Profile":
Image: My Preferences
Open the "Account Security" tab and then click the "Enable two-factor authentication" button:
Figure: Enable Odoo Two-factor Authentication
Then enter your Odoo password:
Image: password confirmation
After password confirmation, a screen with a unique QR barcode is shown:
Image: Two-Factor Authentication QR barcode
In most authenticator apps you can easily scan the barcode using the camera of the phone, the authenticator app then takes care of the correct settings:
IF SCANning DOES NOT WORK
If you cannot scan the QR barcode, you can click on the "show the code" link and show the secret code to manually set up the authenticator:
Image: authentication secret key
The code under "Your two-factor secret:" can then be entered manually and added to the authenticator app:
AUTHENTICATION SETTINGs COMPLETED
Once this has been done, the authenticator should display a verification code including identification information:
Enter the code in the "Verification Code" field and then click the "Enable two-factor authentication" button.
Congratulations, your Odoo account is now protected with two-factor authentication!
Image: Odoo two-step verification activated
Logging in will be done as follows from now on. Enter your username and password on the login page. After this, the following screen is displayed:
Now open the authenticator app on your phone and enter the code that is displayed (for the relevant account). That was all! From now on, unless you disable 2FA, you will have an even more secure two-step login process instead of the old one-step.
If you lose access to the authenticator app, please contact your Odoo administrator. This can reset your two-factor authentication, after which you can set it again.
Should you unexpectedly fail to set up two-factor authentication? Do not hesitate to contact us via a helpdesk ticket or our contact form!