Two-factor Authentication


Two-factor authentication (“2FA”) is a good way to improve the security of an account, making it less likely that another person will manage to log in instead of you.
Practically, it means storing a secret inside an authenticator (usually your cell phone) and exchanging a code from the authenticator when you try to log in.
This means an attacker needs both to have guessed (or found) your password and to access (or steal) your authenticator, a more difficult proposition than either one or the other.

Requirements 

If you don’t already have one, you will need to choose an authenticator.
Phone-based authenticators are the easiest and most common, so we will assume you’ll pick and install one on your phone. Examples include Authy, FreeOTP, Google Authenticator, LastPass Authenticator, Microsoft Authenticator, …; password managers also commonly include 2FA support, e.g. 1Password, Bitwarden, ….
For the sake of demonstration we will be using Google Authenticator (not because it is any good but because it is quite common).

Setting up two-factor authentication

Once you have your authenticator of choice, go to the Odoo instance on which you want to set up 2FA, then open Preferences (or My Profile):

Open the Account Security tab, then click the Enable two-factor authentication button:

Because this is a security-sensitive action, you will need to input your password.

After which you will see this screen with a barcode:

In most applications, you can simply scan the barcode with the authenticator of your choice; the authenticator will then take care of all the setup:

Note:
If you cannot scan the screen (e.g. because you are doing this setup on the same phone as the authenticator application), you can click the provided link, or copy the secret to set up your authenticator manually:

Once this is done, the authenticator should display a verification code with some useful identifying information (e.g. the domain and login for which the code is):

You can now input the code into the Verification Code field, then click the Enable two-factor authentication button.
Congratulations, your account is now protected by two-factor authentication!

Logging in

You should now Log out to follow along.
On the login page, input the username and password of the account for which you set up 2FA. Rather than immediately entering Odoo, you will now get a second log-in screen:

Get your authenticator, input the code it provides for the domain and account, validate, and you’re now in.
And that’s it. From now on, unless you disable 2FA you will have a two-step log-in process rather than the old one-step process.
