Access Keyword 2FA explained

How to enable/disable Access Keyword 2FA (Two-factor Authentication) 

Access keywords are a two-factor mechanism used to secure the GUI and the SSH backend. Ideally, they are phrases that can be easily remembered. They should never be written down and should be stored only in your memory.

1. How to enable Access Keyword 2FA (Two-factor Authentication) globally in the web GUI?

Navigate to Settings -> General -> Two Factor Authentication -> Enable Access Keyword.

An example of a phrase that can be used as an access keyword is "top dog bites".

The access keyword can be set by the user as follows. The access keyword should have a minimum of 10 characters and at least 4 unique characters.

Once it is set, the web GUI asks for the characters from 3 different positions while authenticating. In this example, we need to enter the characters from the first, seventh, and twelfth positions within the phrase.

Since we used the phrase "top dog bites", we enter the characters in the first, seventh, and twelfth positions within the phrase, which are 't', 'g', and 'e'. Note that a space is a character and is counted. For example, the character in the fourth position is the space character, in which case we simply press the space key.

The access keyword also has to be entered to access the backend shell. In this case, we need to enter the characters in the fourth, eighth, and twelfth positions within the phrase. Looking at the phrase "top dog bites", these are the space character in the fourth position, the space character again in the eighth position, and 'e' in the twelfth position.
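
The keyword rules and the positional check described above, sketched in Python as an added example. This is not Ezeelogin's code: the function names, the choice of positions from anywhere in the phrase, and the constant-time comparison are assumptions made for illustration.

```python
import hmac
import secrets

MIN_LENGTH = 10      # page: minimum of 10 characters
MIN_UNIQUE = 4       # page: at least 4 unique characters
POSITIONS_ASKED = 3  # page: characters from 3 different positions


def policy_errors(keyword):
    """Return the list of rule violations; an empty list means acceptable."""
    errors = []
    if len(keyword) < MIN_LENGTH:
        errors.append("shorter than %d characters" % MIN_LENGTH)
    if len(set(keyword)) < MIN_UNIQUE:
        errors.append("fewer than %d unique characters" % MIN_UNIQUE)
    return errors


def new_challenge(keyword, count=POSITIONS_ASKED):
    """Pick distinct 1-based positions with a CSPRNG (assumed selection rule)."""
    rng = secrets.SystemRandom()
    return sorted(rng.sample(range(1, len(keyword) + 1), count))


def expected_answer(keyword, positions):
    """Characters at the 1-based positions; spaces count as characters."""
    return "".join(keyword[p - 1] for p in positions)


def verify(keyword, positions, response):
    """Compare the response to the expected characters in constant time."""
    expected = expected_answer(keyword, positions).encode("utf-8")
    return hmac.compare_digest(expected, response.encode("utf-8"))


if __name__ == "__main__":
    phrase = "top dog bites"  # the example phrase used on this page
    print(policy_errors(phrase))                      # no violations
    print(repr(expected_answer(phrase, [1, 7, 12])))  # web GUI example
    print(repr(expected_answer(phrase, [4, 8, 12])))  # backend shell example
    print(verify(phrase, [4, 8, 12], "  e"))
```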

2. How to enable Access Keyword 2FA (Two-factor Authentication) for a gateway user?

If the user has access permission for the 'Settings tab' in the web GUI, then the user can set the access keyword as follows.

After enabling the Access Keyword, navigate to Accounts -> Password.

If the user doesn't have access permissions for the 'Settings tab', and the global option is already enabled, then the GUI will prompt to set the Access Keyword when logging in as the non-privileged user.

3. How to disable Access Keyword 2FA (Two-factor Authentication) through the GUI Globally?

Navigate to Settings -> General 

4. How to reset Access Keyword 2FA (Two-factor Authentication) through the GUI for Gateway user?

Log in as the gateway user to the Ezeelogin GUI, navigate to Account -> Password and enter the new access keyword.


If the gateway user is unable to log in to the Ezeelogin GUI, only the admin privileged user can reset the ACCESS KEYWORD.

Log in as the admin user and select the Reset Password option for that gateway user.

ENABLE Clear Two-Factor Authentication Secret. 

Afterwards, log in as the gateway user and set a new Access Keyword.


In an emergency where neither the admin gateway user nor other gateway users can access the Ezeelogin GUI, execute the following commands on the gateway server with root privileges.

How to disable Access Keyword 2FA (Two-factor Authentication) from the backend?

Run the commands below to disable the access keyword globally and clear it for a user. Replace the username (ezadmin in the example) with the user whose access keyword should be cleared.

[root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_access_keyword')"

[root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eak=NULL where username='ezadmin'"

No Two-factor Authentication enabled

This error happens when two-factor authentication is enforced without any of the two-factor authentication methods being enabled. Run the following commands to disable Force Two Factor Authentication.

[root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

[root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_usergroups SET force_tfa = 'N'"

