Skip to main content

How to set up two-factor authentication on Synology NAS

Synology DSM 7.0
Synology DSM 7.0 (Image credit: Windows Central)

Securing your data on even the best Synology NAS is incredibly important. Much like any online account, it's best to use two-factor authentication, or better yet multi-factor authentication. DSM 7.0 introduced support for the latter with a shiny new SignIn app that helps protect your NAS and sensitive data.

This guide is tailored to Synology DSM 7.0, but two-factor authentication initialization on earlier OS versions is similar.

How to set up SignIn (2FA)

  1. Click on the user icon in the top-right.
  2. Select Personal.
  3. Select two-factor authentication.

Synology DSM 7.0

Source: Windows Central (Image credit: Source: Windows Central)
  1. Select Approve sign-in.
  2. Activate QuickConnect (if not done already).
  3. Verify your account password.
  4. Read through the information and click Next.

Synology DSM 7.0

Source: Windows Central (Image credit: Source: Windows Central)
  1. Download Synology SignIn app using the QR codes displayed, App Store, or Google Play.
  2. Click Next.
  3. Scan the QR code with the SignIn app.
  4. Click Next.
  5. Select OTP in the SignIn smartphone app.
  6. Select the + icon up top to open the camera.
  7. Scan the QR code to create an OTP link.
  8. Enter the OTP in the browser.
  9. Click Next.
  10. Enter a backup email address.
  11. Click Next.
  12. Click Done.

The Synology SignIn app is now configured for your NAS with a one-time password and secure sign-in methods that will be required upon logging in, as well as the account password.

How to set up one-time passcodes (2FA)

  1. Click on the user icon in the top-right.
  2. Select Personal.
  3. Select two-factor authentication.
  4. Select Verification Code (OTP).
  5. Verify your account password.
  6. Read through the information and click Next.

Synology DSM 7.0

Source: Windows Central (Image credit: Source: Windows Central)
  1. Download Synology SignIn app using the QR codes displayed, App Store, or Google Play.
  2. Click Next.
  3. Scan the QR code with the SignIn app (or your favorite OTP authenticator app).
  4. Enter the OTP in the browser.
  5. Click Next.
  6. Enter a backup email address.
  7. Click Next.

Synology DSM 7.0

Source: Windows Central (Image credit: Source: Windows Central)
  1. Click Done.

How to set up a hardware security key (2FA)

  1. Click on the user icon in the top-right.
  2. Select Personal.
  3. Select two-factor authentication.

Synology DSM 7.0

Source: Windows Central (Image credit: Source: Windows Central)
  1. Select Hardware security key.
  2. Follow the on-screen wizard for configuring DDNS. (See Synology's help section for more details.)
  3. Verify your account password.
  4. Read through the information and click Next.
  5. Select the type of hardware key.
  6. Follow the on-screen instructions for enabling the device (this varies between hardware).
  7. Enter a name for your security hardware key.
  8. Select Done.

How to set up passwordless sign-in

  1. Click on the user icon in the top-right.
  2. Select Personal.

Synology DSM 7.0

Source: Windows Central (Image credit: Source: Windows Central)
  1. Select Passwordless Sign-In.
  2. Select Approve sign-in.
  3. Verify your account password.
  4. Read through the information and click Next.

Synology DSM 7.0

Source: Windows Central (Image credit: Source: Windows Central)
  1. Download Synology SignIn app using the QR codes displayed, App Store, or Google Play.
  2. Click Next.
  3. Scan the QR code with the SignIn app.
  4. Click Next.

Synology DSM 7.0

Source: Windows Central (Image credit: Source: Windows Central)
  1. Click Finish.

You will be required to use the configured authentication method when signing into your account on the NAS. To disable the authentication method, simply return to the settings pane and select it for deactivation.

Rich Edmonds
Rich Edmonds

Rich Edmonds is Senior Editor of PC hardware at Windows Central, covering everything related to PC components and NAS. He's been involved in technology for more than a decade and knows a thing or two about the magic inside a PC chassis. You can follow him over on Twitter at @RichEdmonds.