Did you know you can use two-factor authentication to enhance the security of your DevZone account? In this little blog, I’ll show you how to enable Two-Factor Authentication (2FA) with your DevZone account.
In general, Multi-Factor Authentication grants access only after presenting 2 or more pieces of evidence – “factors”. Typically something only you know + something only you have.
Common example: Money withdrawal from an ATM requires your card (possession factor, CHECK!) and your PIN code (Knowledge factor, CHECK!).
In our case, using Google 2-step verification, the factors are:
In regular authentication schemes, only one factor is used: The knowledge factor where you are asked to present a username and a password. Even if this is two pieces of information, they both represent the same type of factor: Knowledge. While secure enough for many purposes, this means that anyone who knows the right credentials may be granted access.
2FA cranks it up one notch by adding the possession factor: It's not enough to know something - you've also got to have a physical object.In this case, your cell phone!
With some sites you can also have single-use security codes sent as text messages to your phone. Some will send you a PDF file with single-use codes. These are nice for backup; and we do have them too - see the final paragraph. But for regular use I recommend installing and using the Google Authenticator app. We'll take you through the steps below.
Using 2FA will actually make your login process more tedious. Why would you want that?Well, it’s just that extra level of security.
If your password is compromised by someone, they’ll still need your security key to get into your account.So, even if someone snoops your email and password somehow, they still need access to your cellphone - powered, online and unlocked - to produce the right authentication code.
So, while you should always be careful about logging in on public computers, never write down your passwords, never send them by email to anyone (even yourself) or store it somewhere; all those bad habits are actually compensated when using 2FA. But still: Bad, bad habits, they are!
Besides: It’s actually just a tiny fraction more tedious.
How to get started with 2FA on the Nordic DevZone
You'll be installing and authenticating the Google Authenticator app to work with your DevZone account.The app generates new verification codes on your mobile phone every minute. When asked for a second factor on DevZone in the future, you'll type the current code generated by the authenticator app.
When you have enabled 2FA, logging into the DevZone looks like this:
Important: Note that the DevZone has now only been authenticated with the current instance of the Google Authenticator app that currenty resides on your device / smart phone.If you're getting a new phone, you must remember to:
Hope this helps! Feel free to post questions below.