Bitrix24 Adds Email One-Time Codes as New Two-Factor Authentication Option in Cloud Version
Bitrix24 has expanded its two-factor authentication capabilities in the cloud edition by adding support for one-time codes delivered via email. This new method joins existing options that include codes from authenticator applications, push notifications, and SMS messages.
The feature is designed to assist organizations where staff members, for various reasons, do not use separate 2FA apps or may have inconsistent access to mobile phones for receiving verification texts. By providing an alternative channel, Bitrix24 aims to increase adoption of stronger authentication without forcing every user onto a single verification method.
Two-factor authentication adds an extra verification layer beyond the standard username and password combination. Even if attackers obtain credentials through phishing emails, data breaches, or social engineering calls impersonating technical support, they still need the additional code to gain entry.
Nevertheless, the company cautions that relying on email for the second factor requires careful consideration. If an attacker has already compromised the user’s mailbox, this method offers little protection. For high-value accounts, Bitrix24 therefore recommends using authenticator applications or device-based confirmations instead.
The same email-code functionality is scheduled to appear in the on-premise, boxed version of Bitrix24 in the near future. Additionally, the vendor plans to make two-factor authentication mandatory for all organizations subscribed to the Professional and Enterprise cloud tariffs.