Ukraine flag

We stand with our friends and colleagues in Ukraine. To support Ukraine in their time of need visit this page

Enabling Two Factor Authentication in Roundcube

Best Roundcube 2FA plugin
Two-factor authentication is essential when protecting access to email. Using the Protectimus Roundcube OTP plugin, you can set up two-factor authentication in the Roundcube webmail client in just 15 minutes.
The Roundcube 2 factor authentication plugin from Protectimus enables you to easily integrate a professional, OATH-certified MFA solution into the Roundcube webmail client, giving you the maximum protection against unauthorized account access. When logging into Roundcube, users will be asked first for their normal passwords, and then for a one-time password.


2FA from professionals

Multi-factor authentication plugin for Roundcube and Protectimus multifactor authentication solution itself are developed by leading IT security engineers. The Protectimus two-factor authentication service has been protecting payment systems, corporate infrastructures, and personal computers all around the world since 2013. Protectimus is a coordinating member of the OATH initiative.

Adding 2FA to Roundcube in 15 minutes

It takes just 15 minutes to configure two-factor authentication in Roundcube and secure access to Roundcube using one-time passwords. We offer a customer-tested, ready-to-use 2FA plugin, Protectimus Roundcube OTP. If you have any questions, we invite you to contact our support team.

You will find the installation instructions here.

OTP delivery methods

Choose your Roundcube two-factor authentication methods: hardware tokens; the Protectimus Smart one-time password generator app; SMS-based OTP delivery; or chatbots on Telegram, Viber, and Messenger. These are virtually all of the one-time password delivery methods available today. The Protectimus two-factor authentication solution is available as a cloud service or an on-premise solution.

See also

ImageToken ModelPrice, pcs
Brief DescriptionDescription
PROTECTIMUS TWOPROTECTIMUS TWO$11.99$11.49$10.99$9.99$8.99

$3 when paying service in advance for a year
Bulletproof OTP token: reliable, waterproof, stylishBulletproof TOTP token: reliable, waterproof, stylish

$3 when paying service in advance for a year
PROTECTIMUS FLEXPROTECTIMUS FLEX$19.99$18.99$16.99$15.99$13.99The reprogrammable and stylish hardware TOTP tokenThe reprogrammable hardware TOTP token
PROTECTIMUS SHARKPROTECTIMUS SHARK$14.99$14.49$13.99$12.99$11.99This hardware token offers exceptional security features by supporting TOTP (RFC 6238) and SHA-256 algorithmWe recommend using this token
PROTECTIMUS SLIM MINIPROTECTIMUS SLIM MINI$29.99$28.99$26.99$24.99$21.99Reprogrammable NFC token, that fits any two-factor authentication systemReprogrammable NFC token
PROTECTIMUS SMARTPROTECTIMUS SMARTfreeAvailable for all key Android and iPhone platformsSoftware token for Android and iPhones
PROTECTIMUS SMARTPROTECTIMUS PUSHfreePush via Android and iPhone applicationsСonvenient and reliable
PROTECTIMUS BOTPROTECTIMUS BOTfreeOTP delivery via messenger — easy, secure, convenient. The service is available on Telegram, Viber and Facebook Messenger.The service is available on Telegram, Viber and Facebook Messenger
PROTECTIMUS SMSPROTECTIMUS SMS$2 per user/monthMinimum hassleMinimum hassle
knowledge base

To begin setting up two-factor authentication for the Roundcube client, download the Protectimus 2FA plugin for Roundcube from GitHub and install it. For adding two-factor authentication to Roundcube find plugin setup instructions on the official plugin repository for Roundcube Webmail. After installing the Roundcube 2-factor authentication plugin, register with the Protectimus service, and create a resource, user, and token. Assign the user and token to the resource.

Most services use email for changing passwords and restoring access to accounts. That means that reliable email access protection — and in this case, that means Roundcube authentication security — is fundamental to IT security in general. Even if you use a secure password, that password could be intercepted by a keylogger, brute-forced, or obtained using phishing or social engineering. Two-factor authentication adds an extra level of Roundcube brute force protection — one-time passwords are valid for 30 to 60 seconds. They can’t be guessed or collected, and they’re difficult or impossible to intercept.

Two-factor authentication protects Roundcube from keyloggers and brute-force attacks. It also guards against phishing and social engineering attacks, and data signing functionality protects against man-in-the-middle attacks. Roundcube just can’t be secure without a verified multi-factor authentication plugin for Roundcube. The Roundcube MFA plugin from Protectimus lets you configure multifactor authentication for Roundcube in just a few minutes. Features available in Protectimus’s solution include geographic and time-based filters, self-service, CWYS data signing, user environment analysis, and a broad assortment of 2FA tokens to choose from.

The Protectimus multi-factor authentication plugin for roundcube supports hardware OTP tokens with hard-coded secret keys, the reflashable Protectimus Slim NFC hardware token, the Protectimus Smart 2FA app for iOS and Android, email, and SMS authentication. Roundcube two-factor authentication methods also include delivery of one-time passwords over Telegram, Viber, and Facebook Messenger. Hardware tokens are the most reliable OTP tokens. These tokens cannot be infected by viruses, and intercepting one-time passwords is impossible. Messaging service chatbots are both convenient and secure; however, we don’t recommend SMS-based authentication.

When setting up the Roundcube Webmail client, make sure that all the basic security rules have been taken into account: the connection between Roundcube and the mail server is protected with an SSL certificate, email encryption is set up, and 2-factor authentication plugin for Roundcube Webmail security is built in. With Protectimus Roundcube OTP Plugin adding two-factor authentication to Roundcube will be done in just a few clicks.

How do to set up two-factor authentication in Roundcube?

Why do I need two-factor authentication in Roundcube?

Why Protectimus is the best Roundcube 2FA plugin?

What Roundcube two-factor authentication method should I choose?

How to secure Roundcube?