2FA App code complexity

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
andras0602
Advanced member
Advanced member
Posts: 62
Joined: Sat May 21, 2022 3:11 pm
ZCS/ZD Version: 8.8.15

2FA App code complexity

Post by andras0602 »

Dear Team,
I use Zimbra 8.8.15.

I turned on the "two step authentication" 2FA/TOTP.
Unfortunately, I need to create some "Application codes" for my desktop and mobile mail agents. As I see, these codes are always:
- only 16 characters
- only English alphabets
- only capital letters.
No numbers, no special chars, nothing. This code is auto-generated so I can't specify a custom, more complex one.

To be honest it feels like turning on this 2FA + generating app codes weakens security.
Is there any way to increase the complexity of this password?

Many thanks!
Andras
User avatar
andras0602
Advanced member
Advanced member
Posts: 62
Joined: Sat May 21, 2022 3:11 pm
ZCS/ZD Version: 8.8.15

Re: 2FA App code complexity

Post by andras0602 »

Any ideas?
In the meantime I opened a support ticket which became an internal enhancement number "ZRFE-997"

I just realized that the app specific passwords have a similar format to the TOTP seeds.
Post Reply