Did you know you can use two-factor authentication to enhance the security of your DevZone account? In this little blog, I’ll show you how to enable Two-Factor Authentication (2FA) with your DevZone account.
In general, Multi-Factor Authentication grants access only after presenting 2 or more pieces of evidence – “factors”. Typically:
Common example: Money withdrawal from an ATM requires your card (possession factor, CHECK!) and your PIN code (knowledge factor, CHECK!).
In our case, using Google 2-step verification, the factors are:
In regular authentication schemes, only one factor is used: The knowledge factor, where you are asked to present a username and a password. While secure enough for many purposes, this means: Anyone who knows the right credentials may be granted access.
2FA takes it up one notch by adding the possession factor: It's not enough to know something - you've also got to have something. In this case, your cell phone! With some sites you can also have single-use security codes sent as text messages to your phone. Some will send you a PDF file with single-use codes. These are nice for backup, but for regular use I recommend installing and using the Google Authenticator app. See the step-by-step guide below.
Using 2FA will actually make your login process more tedious. Why would you want that? Well, it’s just that extra level of security.
If your password is compromised by someone, they’ll still need your security key to get into your account. So, even if someone snoops your email and password somehow, they still need your cellphone - powered, online and unlocked - to produce the right authentication code.
So, while you should always be careful about logging in on public computers, never write down your passwords, and never send them by email to anyone (even yourself) or store them somewhere, all those bad habits are actually compensated for when using 2FA. But still: Bad, bad habits, they are!
Besides: It’s actually just a tiny fraction more tedious.
How to get started with 2FA on the Nordic DevZone
You'll be installing and authenticating the Google Authenticator app to work with your DevZone account. The app generates new verification codes on your mobile phone every minute. When asked for a second factor on DevZone in the future, you'll type the current code generated by the authenticator app.
When you have enabled 2FA, logging into the DevZone looks like this:
Note that the DevZone has now only been authenticated with the current instance of the Google Authenticator app that currently resides on your cell phone. If you're getting a new phone, remember to disable 2FA in your DevZone account first... Otherwise, we'll have to disable 2FA for you, until we have a single-use code scheme in place ;-)
Hope this helps. Feel free to post questions below!