I have been using 2FA on my Synology NAS for as long as I can remember. With DSM 7 Synology have introduced an Authenticator app that can sign you in without a password. You can also enable windows hello, if you have that on your device. This makes logging in much more convenient, saving you having to type in your 2FA code each time.

BE AWARE: At the time of writing, one thing I don’t like is that if you enable Passwordless sign in, you don’t have the option for OTP password sign in. Essentially you can sign into the NAS with only a password. I will show at the end how to use these devices as 2FA instead.

Install the Synology Secure Sign in App

Synology Secure SignIn – Apps on Google Play
Synology Secure SignIn increases account security
‎Synology Secure SignIn
‎**Synology NAS and a Synology account are required for this Application.** **DiskStation Manager 7.0 or above version with Synology Secure SignIn service enabled is required.** Synology Secure SignIn increases account security and offers two verification methods: Approve sign-in and verification …

Set up the Secure Sign in App

  1. Log into your NAS and press your profile icon in the top right. Select the Personal option.
  2. Scroll down and select Passwordless Sign-In, enter your current password.
  3. Select Approve Sign-In
  4. Select Next
  5. You can scan the QR Code to install the App on your specific phone, if you haven’t already. Press next.
  6. On the next screen scan your code using your mobile phone. Open the app and select Add, then scan the code on your mobile.
  7. Your account will then be added to the phone. The NAS will then show completed.
  8. Select finish and that’s it, if you just want to enable Passwordless sign in you are done. Sign out and enter your username, you should then be prompted on your phone to press Allow.

Optional: Setup windows Hello or a Hardware Key

  1. Go to the Personal panel again and press Passwordless Sign-In, then select Hardware Security Key
  2. Select Windows Hello and Next
  3. As long as your pc has Windows Hello Fingerprint or Face Recognition, it will prompt you to confirm now.
  4. Thats It, you can now sign in with Windows Hello.
  5. Log out and select Alternate options. You can then select use a hardware security key. 

Optional + More Secure: Use Secure Sign In app and Windows Hello as 2FA instead

  1. Like I said at the start, passwordless sign in allows you to sign in with just a password. This creates a problem and in my opinion greatly reduces the security of the NAS. I would recommend using the App and Windows Hello as a 2FA with a password. 
  2. Go to Personal again and press the 2-Factor Authentication option.
  3. Select the first option and press ok. This will keep the devices that we just setup and instead use them for 2FA with a password.
  4. You will now need to add an OTP token to your phone, to ensure that you can log in offline.
  5. Open the Synology Secure Sign-In app (or any 2FA app) and select add. Then scan the Synology QR code, and enter the code to confirm.
  6. Thats it. Now when you sign in you will enter your username and password but rather than enter the OTP code, you can use the Secure Sign in app or Windows Hello if you set it up as a 2FA method.