How to quickly secure your Synology NAS with two-factor authentication

Securing your data on even the best Synology NAS is incredibly important. Much like any online account, it’s best to use two-factor authentication, or better yet multi-factor authentication. DSM 7.0 introduced support for the latter with a shiny new SignIn app that helps protect your NAS and sensitive data.

This guide is tailored to Synology DSM 7.0, but two-factor authentication initialization on earlier OS versions is similar.

How to set up SignIn (2FA)

1. Click on the user icon in the top-right.
2. Select Personal.
3. Select two-factor authentication.

   

   Source: Windows Central

4. Select Approve sign-in.
5. Activate QuickConnect (if not done already).
6. Verify your account password.
7. Read through the information and click Next.

   

   Source: Windows Central

8. Download Synology SignIn app using the QR codes displayed, App Store, or Google Play.
9. Click Next.
10. Scan the QR code with the SignIn app.
11. Click Next.
12. Select OTP in the SignIn smartphone app.
13. Select the + icon up top to open the camera.
14. Scan the QR code to create an OTP link.
15. Enter the OTP in the browser.
16. Click Next.
17. Enter a backup email address.
18. Click Next.
19. Click Done.

The Synology SignIn app is now configured for your NAS with a one-time password and secure sign-in methods that will be required upon logging in, as well as the account password.

How to set up one-time passcodes (2FA)

1. Click on the user icon in the top-right.
2. Select Personal.
3. Select two-factor authentication.
4. Select Verification Code (OTP).
5. Verify your account password.
6. Read through the information and click Next.

   

   Source: Windows Central

7. Download Synology SignIn app using the QR codes displayed, App Store, or Google Play.
8. Click Next.
9. Scan the QR code with the SignIn app (or your favorite OTP authenticator app).
10. Enter the OTP in the browser.
11. Click Next.
12. Enter a backup email address.
13. Click Next.

    

    Source: Windows Central

14. Click Done.

How to set up a hardware security key (2FA)

1. Click on the user icon in the top-right.
2. Select Personal.
3. Select two-factor authentication.

   

   Source: Windows Central

4. Select Hardware security key.
5. Follow the on-screen wizard for configuring DDNS. (See Synology’s help section for more details.)
6. Verify your account password.
7. Read through the information and click Next.
8. Select the type of hardware key.
9. Follow the on-screen instructions for enabling the device (this varies between hardware).
10. Enter a name for your security hardware key.
11. Select Done.

How to set up passwordless sign-in

1. Click on the user icon in the top-right.
2. Select Personal.

   

   Source: Windows Central

3. Select Passwordless Sign-In.
4. Select Approve sign-in.
5. Verify your account password.
6. Read through the information and click Next.

   

   Source: Windows Central

7. Download Synology SignIn app using the QR codes displayed, App Store, or Google Play.
8. Click Next.
9. Scan the QR code with the SignIn app.
10. Click Next.

    

    Source: Windows Central

11. Click Finish.

You will be required to use the configured authentication method when signing into your account on the NAS. To disable the authentication method, simply return to the settings pane and select it for deactivation.