We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Cloud Control

Understanding Multi-Factor Authentication in Barracuda Cloud Control

  • Last updated on

Multi-factor authentication (MFA), also known as two-factor authentication, is a security feature that requires two forms of authentication to access Barracuda Cloud Control. When enabled, MFA provides an extra layer of security to your account. Even if the user's login credentials are stolen, without the trusted device, the attacker is unable to access the account. And if the user's device is taken, the attacker cannot access the account without the login credentials.

For security purposes, Barracuda recommends that users lock their multi-factor authentication (MFA) enabled devices with a personal identification number (PIN).

Administrator-Enabled MFA

MFA is Optional by default, allowing the account administrator to determine whether to enable MFA through the Admin > Options page:


When enabled, all users associated with this account (or accounts that administer it) are required to log in using MFA.

When set to Required, you are immediately required to configure MFA.


When MFA is enabled, users are sent an email to inform them that they are required to use MFA, including mobile device requirements and instructions on installing the Google Authenticator app. When the user attempts to log in, in addition to their login credentials, they are prompted to enter a secondary token in the Authentication Code field:


To access the secondary token, the user enters their login credentials, and then clicks Sign In. The user is then presented with the  Secret Code and barcode on the Home > My Profile page:



The user can either copy the Secret Code and paste it into the Authentication Code field on the login screen, or using Google Authenticator, scan the barcode presented on the screen. A one-time login token, also known as a time-based one-time password (ToTP), generates. The user enters the one-time generated ToTP in the  Authentication Code field on the login screen, along with their login credentials, to access Barracuda Cloud Control.  Because the ToTP regenerates every 30 seconds, the user must enter the code immediately. If the user enters an expired login token, authentication fails and the user must regenerate and enter a new ToTP. 

User-Enabled MFA

When Multi-Factor Authentication is set to Optional, users can select whether to use MFA when logging into Barracuda Cloud Control using the settings on their Home > My Profile page, located under their username.

For more information, refer to Adding MFA Devices in Barracuda Cloud Control.

Last updated on