SOP:Activating Two-Factor Authentication

From Dark Peak

Dark Peak Data allows its members to optionally enable two-factor authentication on their accounts.

Background

Multi-factor authentication is a method of computer access control in which a user must successfully present an authentication "factor" from more than one of the following categories:

  • Something only the user knows (like a PIN or password).
  • Something only the user has (like an ATM card or key fob).
  • Something only the user is (like a fingerprint or other biometric).

Requiring more than one factor of authentication is considered more secure than requiring a password alone because it implies a much higher probability that the bearer of the identity evidence is indeed who they are claiming to be.

Two-factor authentication as implemented by Dark Peak Data requires something only you know (a password) and something only you have (a unique token). Your unique token generates cryptographically secure one-time passcodes (OTPs) to be used alongside your password.

Enabling Two-Factor Authentication

Any member may enable two-factor authentication on their own account. To use two-factor authentication, we recommend that you download and install the FreeOTP authenticator application on your smart-phone. (FreeOTP is not available on Ubuntu Phone, but you can use the 'Authenticator' app instead.) This allows your smart-phone to act as your unique token. FreeOTP is free and open source software and is available from the Google Play store and the Apple iTunes store.

To create a new token, log into the identity server and click the add button in the OTP tokens section.

Two-factor-01.png

Choose the type of token you wish to use and optionally give it a friendly name. The token type determines what algorithm your token will use to generate one-time passcodes (OTPs). Time-based tokens generate codes based on the current time and counter-based tokens generate codes based on the number of times the token is used. In practice there is very little difference between the two and either choice is valid. Click the add button when done.

Two-factor-02.png

Now you will be presented with a QR code with which you can load the token into the FreeOTP application on your smart-phone. Simply scan the code with FreeOTP and the token will be added to your phone. Click the OK button when done.

Two-factor-03.png

You have now successfully created your unique token.

By default, you may log in with your password only or you may log in with two-factor authentication (password+OTP). In order to mandate that logging into your account requires two-factor authentication, you must configure the allowable User authentication types on your account.

Two-factor-04.png

Simply ensure that only Two factor authentication is checked and click the update button when done.

Two-factor-05.png

From now on, you will no longer be able to log in with your password alone. For every Dark Peak Data service that prompts you to log in with a password, you must instead enter your password plus an OTP. For example, if your password is "cheese" and the OTP generated by the token on your smart-phone is "456123" then you should enter "cheese456123" into the password field of the service's login page.
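
The following is an added example, not code from Dark Peak Data or its identity server. It shows how the two token types described above relate (a time-based code is a counter-based code whose counter is the current time step) and how a combined "password+OTP" field such as "cheese456123" can be split and checked. It assumes the standard HOTP (RFC 4226) and TOTP (RFC 6238) algorithms with 6-digit codes, HMAC-SHA1 and a 30-second step; the function names, the drift window and the sample secret are hypothetical.

```python
import hashlib
import hmac
import struct

DIGITS = 6      # assumption: 6-digit codes, as in the "456123" example
TIME_STEP = 30  # assumption: RFC 6238 default step, in seconds
SECRET = b"12345678901234567890"  # constructed sample: the RFC 4226 test key


def hotp(secret, counter, digits=DIGITS):
    """Counter-based OTP (RFC 4226): HMAC-SHA1 over an 8-byte counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=DIGITS):
    """Time-based OTP (RFC 6238): HOTP with the time step as the counter."""
    return hotp(secret, unix_time // TIME_STEP, digits)


def split_credential(field, digits=DIGITS):
    """Split a 'password+OTP' field; return None if it is malformed."""
    otp = field[-digits:]
    if len(field) <= digits or not (otp.isascii() and otp.isdigit()):
        return None
    return field[:-digits], otp


def check_totp_field(secret, field, unix_time, window=1):
    """Return the password part if the OTP part is valid, else None.

    Accepts +/- `window` time steps to tolerate clock drift (hypothetical
    policy); the returned password must still be verified separately.
    """
    parts = split_credential(field)
    if parts is None:
        return None
    password, otp = parts
    for drift in range(-window, window + 1):
        when = unix_time + drift * TIME_STEP
        if when >= 0 and hmac.compare_digest(totp(secret, when), otp):
            return password
    return None
```
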