Forum: Login with Two Factor Authentication

General information and announcements regarding the FlatPress project
Post Reply
User avatar
Arvid
FlatPress Coder
Posts: 497
Joined: Sat Jan 26, 2019 7:40 pm
Contact:

Forum: Login with Two Factor Authentication

Post by Arvid » Fri Jan 06, 2023 8:48 pm

From now on, the FlatPress support forum supports Two Factor Authentication (2FA). (For more information on what's 2FA, see below.)
Feel free to secure your account!

Activating it is quite easy: Go to the User Control Panel, tab "Two Factor Authentication". Select "OTP" and hit "Add new key".
2fa.png
2fa.png (72.79 KiB) Viewed 5669 times
Your OTP secret and a QR code are being generated. (The QR code basically contains the secret.)
Scan the code with your OTP app or enter the secret manually.
2fa_2.png
2fa_2.png (51.22 KiB) Viewed 5669 times
Read the OTP from your OTP app and enter it in the "OTP key" field. Hit "Register new key", and 2FA is activated for your account! From now on, you'll need to enter the current OTP code after giving your username and password.

Of course, you can disable 2FA at any time by simply deleting the registered keys.

What is Two Factor Authentication?
Two Factor Authentication (2FA) with Time-based One-Time Passwords (TOTP) is a great way to protect your user accounts on any platform providing it. It basically means you do not only need your username and password to login, but also a 6-digit code freshly generated every 30 seconds e.g. in the OTP app on your mobile device.
So even if your username and password get stolen (via phishing, keylogging, social engineering, ... you name it), your account can still not be accessed without knowing the 6-digit OTP code (which changes every 30 seconds).
This massive increase in security comes with a price, though: Without your OTP generator (i.e., the OTP app on your mobile or any other program capable of generating the code), you will be not able to access your account. But fear not, a good OTP implementation will provide you with static backup codes you can use instead. Of course, nobody else than you should ever get those backup codes, so keep them well :)

2FA is a widely spread standard. Some examples: Amazon offers it, PayPal does, GitHub and Twitter as well. My personal recommendation: Try it, get used to using it, and activate it on any platform that provides it.

What's a good OTP app?
There may be countless TOTP generators out there. My recommendations are:
  • The password safe KeePass (great for securely managing many different, unique and safe passwords on Windows, Linux and even mobile platforms!) has the OTP plugin KeeTrayTOTP.
  • FreeOTP+ (F-Droid / Google Play Store) is great for Android devices.
  • Apple users may want to take a look at FreeOTP.
More questions?
If you have questions regarding 2FA or want to share opinions or recommendations, please feel free to do so here on the forum.

All the best,
Arvid

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests