Two factor authentication

stankapl · April 17, 2023

It would be good to add this to web or app log-in.

fcheslack · April 17, 2023

This is planned for the near future.

joethorley · August 2, 2023

Is there any further news?

DWL-SDCA · August 2, 2023

If implemented, please make this optional. My database doesn't contain personal information nor secret stuff.

gustms · January 4, 2024

Looking forward to this feature. Thank you!

stankapl · August 24, 2024

Any update?

f37qks_aj9q · March 16, 2025

+1 2FA

stankapl · March 21, 2025

Any update?

librarianwl · April 17, 2025

Two-factor authentication for Zotero accounts would help keep accounts secure. I too would like to know when two-factor authentication will be available.

kuniipa · October 8, 2025

+1 on this topic.

pianogal · November 15, 2025

I saw API access from an unknown location. 2FA is important to be implemented!

adamsmith · November 15, 2025

MFA doesn't protect you against exposed API keys, though. API calls are never subject to additional authentication

kuniipa · February 9, 2026

Is this feature in the roadmap? ༼ つ ◕_◕ ༽つ

dstillman · February 9, 2026

Yes.

kuniipa · February 9, 2026

Can't wait for it :)
thanks for the reply and the hard work!

warguelles · February 9, 2026

If implemented, please make this optional. My database doesn't contain personal information nor secret stuff.

+1

fcheslack · 2026-04-03T23:05:22+00:00

You can try enabling this now by going to
https://www.zotero.org/settings/security?usemultifactor=1

It would be great if people tried out different hardware or software security keys, since there is a limit to the variety we can test ourselves.

I would recommend having an additional method other than a security key for the moment though, so you don't get stuck if there are still be some issues to work out with some of them.

kuniipa · 2026-04-03T23:48:02+00:00

@fcheslack, it seems both the iPhone and iOS apps are not requiring the 2nd factor yet. Is this expected at this early moment after the announcement? (all running the latest stable versions)

In the browser login it worked as expected with a passkey. :)

fcheslack · 2026-04-04T00:15:34+00:00

Yes, that's expected and part of why you have to go out of your way to find it and turn it on.

There are versions in testing for all clients that switch to a web based login that will all be the same as you see for the website.

kuniipa · 2026-04-04T00:19:11+00:00

Great! I can confirm the authentication code worked as well.

foss- · 2026-04-04T10:43:19+00:00

Set up TOTP and passkey and both seem to work as expected, thanks for this update hugely improving account security.

gustms · 2026-04-13T20:31:00+00:00

Thanks for adding 2FA!! I added both passkeys and an OTP. For passkeys, I have Bitwarden and a Yubikey 5.

What I noticed is that when I log in with any passkey, I don't appear logged in on the forums, but I am logged in on the library and other pages. I can try to log in again, but it still shows as signed out on the forums. If I use the OTP as 2FA, it seems to work for everything, including the forums.