Feel free to secure your account!
Activating it is quite easy: Go to the User Control Panel, tab "Two Factor Authentication". Select "OTP" and hit "Add new key". Your OTP secret and a QR code are being generated. (The QR code basically contains the secret.)
Scan the code with your OTP app or enter the secret manually. Read the OTP from your OTP app and enter it in the "OTP key" field. Hit "Register new key", and 2FA is activated for your account! From now on, you'll need to enter the current OTP code after giving your username and password.
Of course, you can disable 2FA at any time by simply deleting the registered keys.
What is Two Factor Authentication?
Two Factor Authentication (2FA) with Time-based One-Time Passwords (TOTP) is a great way to protect your user accounts on any platform providing it. It basically means you do not only need your username and password to login, but also a 6-digit code freshly generated every 30 seconds e.g. in the OTP app on your mobile device.
So even if your username and password get stolen (via phishing, keylogging, social engineering, ... you name it), your account can still not be accessed without knowing the 6-digit OTP code (which changes every 30 seconds).
This massive increase in security comes with a price, though: Without your OTP generator (i.e., the OTP app on your mobile or any other program capable of generating the code), you will be not able to access your account. But fear not, a good OTP implementation will provide you with static backup codes you can use instead. Of course, nobody else than you should ever get those backup codes, so keep them well
2FA is a widely spread standard. Some examples: Amazon offers it, PayPal does, GitHub and Twitter as well. My personal recommendation: Try it, get used to using it, and activate it on any platform that provides it.
What's a good OTP app?
There may be countless TOTP generators out there. My recommendations are:
- The password safe KeePass (great for securely managing many different, unique and safe passwords on Windows, Linux and even mobile platforms!) has the OTP plugin KeeTrayTOTP.
- FreeOTP+ (F-Droid / Google Play Store) is great for Android devices.
- Apple users may want to take a look at FreeOTP.
If you have questions regarding 2FA or want to share opinions or recommendations, please feel free to do so here on the forum.
All the best,
Arvid