Table of Contents
Note: The use of this feature requires an authentication app that supports "time-based one-time passwords" (TOTP).
To require a 2FA verification code when connecting to your client using Unattended Access, the following steps need to be completed:
Settings & Setup
- Enable "Enable Two-Factor Authentication" in Settings > Security > Permissions.
- A prompt will appear where the user can scan the QR-Code or paste the key into one of our recommended authenticators.
- Enter the authorization code from the authenticator and click "Enable authorization".
If the correct authentication code is given but the "Enable authorization" button remains grayed out, please make sure that the times on both authenticator and AnyDesk device are synchronized. As the verification codes are time-based, they will not authenticate if the times are asynchronous.
Establishing a session
When connecting to an AnyDesk client with 2FA enabled, a 6-digit authorization key from the authenticator is requested directly after the unattended access password is manually or automatically submitted.
Two-Factor authentication for MyAnyDesk can be activated in Settings > General > Two-factor authentication of your MyAnyDesk customer portal.
Print or save the recovery key in a secure location in order to restore access your account when needed.
DO NOT PROCEED WITHOUT SAVING OR PRINTING THE RECOVERY KEY.
The recovery key cannot be retrieved or reset.
In the event that you lose access to your authentication device and do not have access to the recovery key, please contact AnyDesk Technical Support.
Recommended authenticator apps
The following authenticator apps are tested and recommended for use with AnyDesk:
- Google Authenticator
- Microsoft Authenticator
Setup a company mobile phone, tablet or PC with 2FA for unique access so that only your employee can access the office computer.
Additionally, you can set up multiple authentication devices t by scanning the same QR code with more than one authenticator.
Limit the access to selected devices like your servers to only the person that has the authentication device.