Configuring two-factor authentication

Two-Factor Authentication (2FA) adds an extra layer of protection by requiring two factors, a password and a temporary security code, to verify a user's identity. This significantly reduces the risk of unauthorized access, even if a password is compromised.

Virtuozzo Hybrid Infrastructure uses Time-based One-Time Password (TOTP) authentication, which is supported by most authenticator applications, such as Google Authenticator and Microsoft Authenticator. The system generates a shared secret key for each user during 2FA setup. Users add this key to an authenticator app, which generates a new 6-digit code every 30 seconds. At login, users must provide both their password and a valid code from the authenticator app. The system verifies the code locally using the same time-based algorithm.

By default, 2FA is disabled for all users, but it is strongly recommended for both system administrators and self-service users. System administrators can enforce 2FA for self-service users at the system and domain levels.