Email 2FA Verification in MyKualo
Knowledgebase Article
Email 2FA Verification in MyKualo
At Kualo, safeguarding your account is our top priority. One of the measures we implement to protect your account is Email-based Two-Factor Authentication (2FA), which ensures that even if someone knows your password, they still need to pass a second layer of security. This article will explain how the email 2FA process works, why you may see it, and how you can enhance your account security further.
Why Email 2FA Exists
Email 2FA is designed to protect your account from unauthorised access, especially if someone attempts to log in from a new or unfamiliar location. Even if someone has your login details, they won’t be able to access your account without the additional verification step.
By requiring you to verify your identity via a one-time PIN sent to your registered email address, we add an extra layer of security beyond just your password.
How Email 2FA Works
When you log in to your MyKualo account from an unrecognised IP address or from a different geographical location, or if we detected the login to likely be non-human, you may be prompted to verify your identity via Email 2FA. Here’s how the process works:
- Receiving the Email: Once a login attempt is detected from an unfamiliar location or IP address, an email will be sent to your registered email address. This email will contain a one-time PIN (Personal Identification Number) that you need to enter to complete the login process.
- Entering the PIN: After receiving the email, you’ll be prompted to enter the PIN on the login screen. Simply input the code from the email, and your login will be completed once the code is verified.
This process ensures that even if someone gains access to your password, they will need access to your email account as well in order to log in.
Seeing this often?
If you are receiving email 2FA prompts more frequently than expected, it may be due to changes in your IP address or location. This often happens if:
- You frequently use different networks (e.g., switching between home, work, or mobile data).
- Your ISP (Internet Service Provider) regularly changes your IP address, a common practice for mobile or dynamic IPs.
- You’re logging in from different locations while travelling.
- You’re using a VPN or something about your connection appears unusual.
While this may seem inconvenient, it’s essential for protecting your account against unauthorised access. Unfortunately, we can't disable this feature, as it serves a critical security purpose. However, we aim to minimise the frequency of these alerts by recognising reasonably familiar IPs over time.
If you're frequently receiving Email 2FA alerts and would prefer to minimise them, the best solution is to enable full Two-Factor Authentication (2FA) on your account. With full 2FA, instead of relying on email verification for new locations, you’ll use a dedicated authentication app to generate a time-based code for every login, regardless of your IP or location.
You can use apps like Authy or Google Authenticator to generate 2FA codes. Additionally, password managers such as 1Password can store 2FA codes and automatically input them during login, helping to reduce friction and streamline the process.
Learn more about enabling full 2FA on your MyKualo account.
Didn’t receive the Email 2FA code?
Our system reliably sends these emails, and in nearly all cases, they are successfully delivered. However, if you don’t receive the verification email:
- Check your spam or junk folder. Some email providers, such as Gmail or Outlook, may filter the message incorrectly.
- Add noreply@kualo.com to your address book. This can help ensure that future emails are delivered directly to your inbox.
- Attempt to log in again. After adding the address to your contacts, try logging in once more to generate a new verification email.
If the issue persists, please contact our support team for further assistance.
Prevent Lockouts Due to Email Issues
We recommend that you do not use a Kualo-hosted email address as your primary login contact. If your hosting is suspended or otherwise unavailable, you may be unable to receive the Email 2FA code—potentially locking you out of your account.
To avoid this, consider the following:
- Use a third-party email address (e.g. Gmail, Outlook) as your main contact email.
- Add a secondary sub-user with an alternative email address. This provides a backup method of access. Learn how to add a sub-user.
- Enable full Two-Factor Authentication (2FA) using an authentication app. This bypasses the need for Email 2FA. Learn how to enable full 2FA.
These steps help ensure you can always access your account, even if there’s a problem with your main email address.
Powered by WHMCompleteSolution