Two-factor authentication is a verification feature that ensures login security.

There are multiple methods for two-factor authentication. Users can choose to complete verification via SMS, Coremail 论客 App, WeChat, a backup email, or a third-party OTP.

The number of verification methods a user can bind depends on the password policy set by the administrator in the admin console. The system allows the administrator to set a minimum number of required bindings. After the administrator sets it, the number of verification methods bound by the user must meet the administrator's standard, otherwise they must bind again.

Introduction to two-factor authentication methods:

SMS: When logging in, enter the verification code from the SMS to verify.

Coremail 论客 App: When logging in, choose to authorize via push notification, QR code scan, or by entering a six-digit verification code in the App.

Backup Email: When logging in, enter the verification code from the verification email sent to your backup email to verify.

Third-party OTP: When logging in, enter the verification code from the third-party OTP to verify.

WeChat Mini Program: When logging in, authorize by scanning a QR code with WeChat or by entering the six-digit verification code from the WeChat Mini Program to verify.

This can be done in the webmail and desktop client.

You can bind and unbind two-factor authentication in webmail under Security Settings -> Two-Factor Authentication Settings.

You can bind and unbind two-factor authentication in the Air client (V4.0.0 and above) under Settings -> Two-Factor Authentication.

Requiring users to perform two-factor authentication every time they bind, unbind, or modify a verification method in a short period can be cumbersome.

To ensure a good user experience, the system provides a 15-minute grace period after a user has bound, unbound, or modified a binding once. Within these 15 minutes, the user will not need to perform two-factor authentication again before binding, unbinding, or modifying a binding.

Note: The grace period is only effective on the current device. If the user logs out and logs back in, or logs in on another device, the grace period will be voided when they go to the two-factor authentication settings page to bind, unbind, or modify a binding again.

There are two situations:

1. When the number of two-factor authentication methods bound by the user is less than the minimum number set by the administrator, the user must re-bind.

2. When the two-factor authentication method bound by the user does not comply with the mandatory binding method set by the administrator, the user must re-bind.