Zoho SMS Authentication Deprecated: Secure MFA Alternatives

Zoho Accounts disables SMS as a supported authentication method

As of January 2026, Zoho has deprecated SMS as a supported method of authentication.

Reasons for deprecation 

SMS-based OTPs are susceptible to various attacks, including phishing, SIM swapping, and signaling system 7.

Phishing attack: Scammers send fake messages with links to websites that resemble our sign-in page. For example:
They trick you into entering your login details and OTPs. If you do, scammers can access your account, putting your personal information and security at risk.

SIM swapping: By knowing your phone number, a scammer can contact your telecom provider's customer service and request to transfer your phone number to a new SIM card, giving them access to your accounts and personal data without your consent.

Signaling system 7 attack: A hacker can spy on you via the cell phone signaling system, where they can listen to calls, intercept text messages, and track your phone's location, leading to serious security risks.

Considering the security threats in SMS-based OTPs and the guidelines on implementing phishing-resistant MFA given by the Cybersecurity & Infrastructure Security Agency (CISA) of the United States government, we deprecated the SMS-based OTP MFA mode.

➤ Current status
     Deprecation of SMS-based OTP MFA mode for all users who signed up after January 1, 2024.

➤ Upcoming plan
     Migration of existing users and organizations currently enforcing SMS-based OTP MFA to alternate MFA modes.  

If you have SMS as your method of multi factor authentication, then you must update this to one of the following methods:

  • OneAuth (recommended)
    Zoho OneAuth is a multi-factor authentication app that you can use to secure your Zoho account as well as third-party accounts, including Google, Facebook, and Microsoft. With OneAuth, you can set up any of the three authentication modes: push notifications, time-based OTPs, and QR codes.

  • OTP authenticator
    OTP authenticators are apps you can use to set up MFA for your account. These apps generate new OTPs in duration you set, which you can use to sign in to your account.
    Learn how to set up an OTP authenticator.

  • Security key
    A security key is a hardware device that you link to your account to enable multi-factor authentication. Once linked, you'll need to use this key each time you sign in to verify your identity.
    Learn how to set up the security key.

Need Expert Help?

We provide tailored Zoho business systems designed to simplify your daily operations and support your growth. We make sure your tools work for you so you can spend more time growing your business, and less time managing technology.


    • Related Articles

    • SMS Credits versus SMS Messages

      What is an SMS Message? An SMS (Short Message Service) message is a single text message sent to a mobile device. Traditionally, SMS messages are limited to 160 characters when using the standard GSM-7 character set (basic Latin alphabet, numbers, and ...

    • Using accounts department email addresses in Zoho Subscriptions

      In Zoho Subscriptions, by default the contact person that is subscribed to a service receives the invoices every month. In some cases, invoices need to go to the accounts department for faster processing. In order to change the email address to which ...

    • How to Change your Primary Zoho Login Email Address

      Updating your primary login email in Zoho is a straightforward process, but it is important to do it correctly to ensure you don't lose access to your Zoho account. This guide is for users who need to update their own login credentials—for example, ...

    • Zoho Mail Server and Office 365 Outlook - ActiveSync setup

      THIS MAY NO LONGER BE AN OPTION IN THE LATEST VERSION OF OUTLOOK. I CAN RECOMMEND DOWNLOADING ZOHO MAIL DESKTOP LITE (https://www.zoho.com/mail/desktop) Settings on Zoho Mail server First, in the Zoho Mail server, we need to ensure ActiveSync is ...

    • How to set up spam control for Zoho Mail (beginners guide)

      If you want to take control of the spam that comes into your inbox, this video is for you. There is no advanced "secret squirrel" settings here. This is aimed at the regular small business owner that manages the email server. The last bit of the ...