Authentication
This section covers the Sync-in account security features, including multi-factor authentication (MFA/2FA) and application passwords.
Two-Factor Authenticationβ
Two-factor authentication (2FA) strengthens the security of your Sync-in account by adding an extra layer of protection against unauthorized access. It works by requiring two distinct proofs of your identity:
- something you know (for example, your password),
- something you have (for example, a code generated on your phone or a physical security key).
With this combination, even if your password is compromised, no one will be able to access your account without the second factor.
This feature requires prior activation by the administrator.
Prerequisitesβ
To use two-factor authentication with Sync-in, you need a TOTP (Time-based One-Time Password) compatible application. These applications generate temporary one-time codes that you will need to enter during login, in addition to your password.
Here are some widely used open-source TOTP applications:
- Proton Authenticator (Android, iOS, Desktop)
- FreeOTP (Android, iOS)
- Aegis Authenticator (Android)
You can choose the application that best suits you; they all work in a similar way: simply scan the QR code provided during activation, then use the generated code at each login.
Configurationβ
From your user account, in the Security: Two-Factor Authentication section of the configuration panel,
the Enable button starts the TOTP enrollment process.
Step 1
Step 2
Step 1:
- Enter your account login password
- Enter the TOTP code provided by your authentication app
Step 2:
- Save or copy the recovery codes
Recovery codes are essential: if you lose access to your authentication app, they will be required to reset two-factor authentication. Each code is single-use and can only be used once.
From now on, during your next logins as well as when performing sensitive actions, a TOTP code will always be required.
Loss of access to authentication methodsβ
If you lose both your recovery codes and your authentication method (e.g. TOTP app or security key), you will no longer be able to access your account on your own.
In this case, only an administrator can reset or disable two-factor authentication to allow you to regain access to your account.
β οΈ Recovery via email is not available. An email address is considered a weak authentication factor, easily compromised, and therefore unsuitable for ensuring the security provided by 2FA.
Application Passwordsβ
Application passwords are secrets generated specifically for clients or services that cannot use interactive login (or MFA), for example when using WebDAV. They help avoid using your main password and reduce the attack surface.
Configurationβ
From your user account, in the Security: Application Passwords section of the configuration panel,
the Generate / Manage button allows you to create and manage these passwords.
Key featuresβ
- Name: a unique identifier to easily recognize the application password.
- Application: the application associated with the password.
- Revocable: each application password can be revoked individually at any time, without affecting the main password or other application passwords.
- Expirable: the possibility to define an expiration date to automatically limit access over time.
- Traceability: logging of the last accesses (date and IP address).
The password is displayed only once when it is created.