Using Two-factor authentication


Did you know you can use two-factor authentication to enhance the security of your DevZone account? 
In this little blog, I’ll show you how to enable Two-Factor Authentication (2FA) with your DevZone account.

What is it?

In general, Multi-Factor Authentication grants access only after presenting 2 or more pieces of evidence – “factors”. Typically:

  • The knowledge factor: Something only you know
  • The possession factor: Something only you have

Common example: Money withdrawal from an ATM requires your card (possession factor, CHECK!) and your PIN code (knowledge factor, CHECK!).

In our case, using Google 2-step verification, the factors are:

  • Your password (which you know)
  • The verification code, generated by an app on your phone (which you must have)

In regular authentication schemes, only one factor is used: the knowledge factor, where you are asked to present a username and a password.
While secure enough for many purposes, this means that anyone who knows the right credentials may be granted access.

2FA takes it up one notch by adding the possession factor: It's not enough to know something - you've also got to have something.

 

Why do it?

Using 2FA will actually make your login process more tedious. Why would you want that?
Well, it’s just that extra level of security.

If your password is compromised by someone, they’ll still need your security key to get into your account.
So, even if someone snoops your email and password somehow, they still need your cellphone (powered, online and unlocked) to produce the right authentication code.

So, while you should always be careful about logging in on public computers, and never write down your passwords, send them by email to anyone (even yourself) or store them somewhere, all those bad habits are actually compensated for when using 2FA. But still: Bad, bad habits, they are!

Besides: It’s actually just a tiny fraction more tedious.



How to get started with 2FA on the Nordic DevZone

With Google 2-step verification, you can have security codes sent as text messages to your phone. I recommend installing and using the Google Authenticator app, which generates new verification codes on your mobile phone every minute or so.

Get started:

  1. Download and Install the Google Authenticator app on your mobile phone
    1. Available for iPhone (AppStore) and Android (Play.Google.com).
  2. Log into your DevZone account
  3. Perform the following steps:
    1. In the DevZone, go to “settings” under your avatar menu and
    2. Scroll way down to the bottom and finally,
    3. Click “Activate” under Two Factor Authentication
  4. A QR code appears.
    1. Take out your cellphone, open the Google Authenticator app and click the ‘+’ sign to add a new site.
    2. The app opens your camera.
    3. Take a snap of the on-screen QR code to register the site.
      1. You can also enter the (long!) manual code shown on the screen.
  5. The site automatically shows up in the list on your mobile screen.
    1. A 6-digit verification code is generated
    2. Enter this code into the text box labeled “Verify code” and click “verify and enable”.
  6. On your mobile screen, you can now see the list of 6-digit verification codes for each site you have registered, and the timeout indicators.
    Note that:
    1. Codes are changed every minute
    2. (You may need to sync your phone to keep up with the code changes. This is found under ‘settings’ in the Authenticator app.)
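
How the 6-digit codes in the steps above are derived and checked, as an added example that is not DevZone's or Google's code: it assumes the standard TOTP algorithm (RFC 6238 with HMAC-SHA1 and a 30-second time step, which is a parameter here), and `DEMO_SECRET` is the RFC's published test key standing in for the manual code behind the QR image. The `verify` function and its `window` and `last_counter` parameters are hypothetical names, used to show why a phone clock that has drifted too far produces codes the site rejects.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the published RFC 6238 test key, base32-encoded and
# grouped the way a "manual code" is displayed. Not a DevZone value.
DEMO_SECRET = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret_b32, int(unix_time) // step, digits)


def verify(secret_b32, submitted, server_time, step=30, window=1, last_counter=-1):
    """Return the matched time-step counter, or None if the code is rejected.

    window       -- steps of clock drift tolerated either side of server time
    last_counter -- highest counter already accepted (blocks replay of a code)
    """
    now = int(server_time) // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret_b32, counter), submitted):
            return counter
    return None


if __name__ == "__main__":
    phone_code = totp(DEMO_SECRET, 59)           # the phone's clock reads t=59
    print(phone_code)
    print(verify(DEMO_SECRET, phone_code, 65))   # phone 6 s slow: accepted
    print(verify(DEMO_SECRET, phone_code, 149))  # phone 90 s slow: rejected
    print(verify(DEMO_SECRET, phone_code, 65, last_counter=1))  # replay: rejected
```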

 

Logging into the DevZone

When you have enabled 2FA, logging into the DevZone looks like this:

  1. Click the avatar in the top right corner to open the “sign in” page:



  2. Enter your email address and password, and click “Sign in”
  3. New: The two-factor authentication screen appears.
    1. Enter your 6-digit verification code from the Google Authenticator app and click “Submit code”:



    2. NB! Watch the countdown indicator in the app so you don’t start typing a code that’s about to change in 2 seconds…
  4. Go write a brilliant question to our tech support engineers and your fellow developers.

 

Hope this helps.
Feel free to post questions below!

Cheers;
Eivind

 
