{"id":1390,"date":"2015-02-03T22:44:03","date_gmt":"2015-02-04T03:44:03","guid":{"rendered":"http:\/\/adsecurity.org\/?p=1390"},"modified":"2015-09-15T21:36:24","modified_gmt":"2015-09-16T01:36:24","slug":"configuring-two-factor-authentication-for-web-cloud-services","status":"publish","type":"post","link":"https:\/\/adsecurity.org\/?p=1390","title":{"rendered":"Configuring Two-Factor Authentication for Web (Cloud) Services"},"content":{"rendered":"<p>Don&#8217;t want your web (cloud) account password to get hacked?<br \/>\nEnable Two-Factor Authentication (aka two-step verification)!<\/p>\n<h4><a href=\"https:\/\/accounts.google.com\/\">Google Account<\/a>:<\/h4>\n<ul>\n<li>Visit <a href=\"https:\/\/www.google.com\/landing\/2step\/\">this site<\/a> and follow the instructions to configure your cell phone as a second factor<\/li>\n<\/ul>\n<blockquote>\n<p class=\"sign-in\"><strong>Step 1:\u00a0 You&#8217;ll enter your password<\/strong><\/p>\n<p>Whenever you sign in to Google, you&#8217;ll enter your password as usual.<\/p>\n<p class=\"sign-in\"><strong>Step 2:\u00a0 You&#8217;ll be asked for something else<\/strong><\/p>\n<p>Then, a code will be sent to your phone via text, voice call, or our mobile app. Or, if you have a Security Key, you can insert it into your computer\u2019s USB port.<\/p><\/blockquote>\n<h4><\/h4>\n<h4><a href=\"https:\/\/twitter.com\/\">Twitter<\/a>:<\/h4>\n<ul>\n<li>Follow the instructions <a href=\"https:\/\/blog.twitter.com\/2013\/getting-started-with-login-verification\">here<\/a>.<\/li>\n<\/ul>\n<blockquote>\n<ol>\n<li>Visit your <a href=\"https:\/\/twitter.com\/account\/settings\">account settings<\/a> page.<\/li>\n<li>Select \u201cRequire a verification code when I sign in.\u201d<\/li>\n<li>Click on the link to \u201cadd a phone\u201d and follow the prompts.<\/li>\n<li>After you enroll in login verification, you\u2019ll be asked to enter a six-digit code that we send to your phone via SMS each time you sign in to twitter.com.<\/li>\n<\/ol>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<h4><a href=\"https:\/\/login.microsoftonline.com\/\">Office 365:<\/a><\/h4>\n<ul>\n<li><a href=\"http:\/\/blogs.office.com\/2014\/02\/10\/multi-factor-authentication-for-office-365\/\">Multi-Factor Authentication for Office 365<\/a><\/li>\n<\/ul>\n<blockquote><p>Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password. With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.<\/p>\n<p>Multi-factor authentication has been available for Office 365 administrative roles since June 2013, and today we\u2019re extending this capability to any Office 365 user. We\u2019re also enhancing the capabilities that have been available since June. We\u2019re adding App Passwords for users so they can authenticate from Office desktop applications as these are not yet updated to enable multi-factor authentication. And we\u2019re enabling users who are authenticated from a federated on-premises directory to be enabled for multi-factor authentication.<\/p>\n<p>This addition of multi-factor authentication is part of our ongoing effort to enhance security for Office 365, and we\u2019re already working on Office desktop application improvements to Multi-Factor Authentication for Office 365, which we\u2019ll introduce later in this post. Office 365 offers many robust built-in security features for all customers and also optional controls that enable subscribers to customize their security preferences. More information about security in Office 365 is available in <a href=\"http:\/\/TrustOffice365.com\" target=\"_blank\">the Office 365 Trust Center<\/a>.<\/p><\/blockquote>\n<p>&nbsp;<\/p>\n<h4><a href=\"http:\/\/www.microsoft.com\/en-us\/account\/default.aspx\">Microsoft Account<\/a>:<\/h4>\n<ul>\n<li>Microsoft enabled a <a href=\"http:\/\/windows.microsoft.com\/en-us\/windows\/two-step-verification-faq\">security code for enhanced security<\/a>.<\/li>\n<\/ul>\n<blockquote>\n<p class=\"para\"><span class=\"newTerm\">Two-step verification<\/span> uses two ways to verify your identity whenever you sign in to your Microsoft account:<\/p>\n<ul class=\"unordered\">\n<li class=\"listItem\">\n<p class=\"para\">Your password<\/p>\n<\/li>\n<li class=\"listItem\">\n<p class=\"para\">An extra security code<\/p>\n<\/li>\n<\/ul>\n<p class=\"para\">Two-step verification helps protect your account by making it more difficult for a hacker to sign in, even if they&#8217;ve somehow learned your password. If you turn on two-step verification, you&#8217;ll see an extra page every time you sign in on <a class=\"navigationLink\" href=\"http:\/\/go.microsoft.com\/fwlink\/p\/?LinkID=286339\" data-id=\"pageContainer0_ID0EDB\">a device that isn&#8217;t trusted<\/a>. The extra page prompts you to enter a security code to sign in. We can send a new security code to your phone or your alternate email address, or you can obtain one through an authenticator app on your smartphone.<\/p>\n<\/blockquote>\n<h4><\/h4>\n<p><!--more--><\/p>\n<h4><a href=\"https:\/\/www.linkedin.com\/\">LinkedIn<\/a>:<\/h4>\n<ul>\n<li>Instructions for enabling two-step verification with SMS (text message) <a href=\"https:\/\/help.linkedin.com\/app\/answers\/detail\/a_id\/544\/~\/turning-two-step-verification-on-and-off\">here<\/a>:<\/li>\n<\/ul>\n<blockquote><p>To turn on two-step verification:<\/p>\n<ol>\n<li>Move your cursor over your profile photo at the upper right of your homepage and select <em>Privacy &amp; Settings<\/em>. For verification purposes, you may need to sign in again.<\/li>\n<li>Click the <em>Account<\/em> side tab by the shield icon towards the bottom of the page and select <em>Manage security settings<\/em>.<\/li>\n<li>Click <em>Turn On<\/em> under the <em>Two-step verification<\/em> section.<\/li>\n<li>Enter your cell phone number to receive a verification code.<\/li>\n<li>Click <em>Send Code<\/em>.<\/li>\n<li>Once you receive the code sent to your phone, enter it into the box on the device you&#8217;re using to sign.<\/li>\n<li>Click <em>Verify<\/em>.<\/li>\n<li>Click <em>Done<\/em>.<\/li>\n<\/ol>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<h4><a href=\"https:\/\/github.com\/\">GitHub<\/a>:<\/h4>\n<ul>\n<li><a href=\"https:\/\/help.github.com\/articles\/about-two-factor-authentication\/\">TFA is available<\/a> for enhanced authentication security with several available methods.<\/li>\n<\/ul>\n<blockquote>\n<div class=\"article-body content-body wikistyle markdown-format\">\n<h3>Configuring authentication via a TOTP mobile app<\/h3>\n<p>We recommend authenticating with a <em>Time-based One-Time Password<\/em> (TOTP) application, which automatically generates an authentication code that changes after a certain period of time. TOTP applications are more reliable than SMS, especially for locations outside the US. For more information, see <a href=\"https:\/\/help.github.com\/articles\/configuring-two-factor-authentication-via-a-totp-mobile-app\">Configuring two-factor authentication via a TOTP mobile app<\/a>.<\/p>\n<h3><a class=\"anchor\" href=\"https:\/\/help.github.com\/articles\/about-two-factor-authentication\/#configuring-authentication-via-text-message\" name=\"configuring-authentication-via-text-message\"><\/a>Configuring authentication via text message<\/h3>\n<p>If you&#8217;re unable to authenticate using a TOTP mobile app, you may be able to generate codes using SMS. This method isn&#8217;t recommended for non-US numbers; before configuring authentication via SMS, review our <a href=\"https:\/\/help.github.com\/articles\/countries-where-sms-authentication-is-supported\">list of countries where GitHub supports authentication via SMS<\/a>. For more information, see <a href=\"https:\/\/help.github.com\/articles\/configuring-two-factor-authentication-via-text-message\">Configuring two-factor authentication via text message<\/a>.<\/p>\n<h3><a class=\"anchor\" href=\"https:\/\/help.github.com\/articles\/about-two-factor-authentication\/#saving-your-recovery-codes\" name=\"saving-your-recovery-codes\"><\/a>Saving your recovery codes<\/h3>\n<p>After successfully setting up 2FA, you&#8217;ll be provided a set of randomly generated recovery codes that you should view and save. We strongly recommend saving your recovery codes immediately. If you don&#8217;t, though, you can download them at any point after enabling two-factor authentication. For more information, see <a href=\"https:\/\/help.github.com\/articles\/downloading-your-two-factor-authentication-recovery-codes\">Downloading your two-factor authentication recovery codes<\/a>.<\/p>\n<h3><a class=\"anchor\" href=\"https:\/\/help.github.com\/articles\/about-two-factor-authentication\/#specifying-a-fallback-sms-number\" name=\"specifying-a-fallback-sms-number\"><\/a>Specifying a fallback SMS number<\/h3>\n<p>You can <a href=\"https:\/\/help.github.com\/articles\/setting-a-fallback-authentication-number\">provide a second number for a <em>fallback<\/em> device<\/a>. If you lose access to both your primary device and your recovery codes, a backup SMS number can get you back in to your account.<\/p>\n<h3><a class=\"anchor\" href=\"https:\/\/help.github.com\/articles\/about-two-factor-authentication\/#changing-authentication-delivery-methods\" name=\"changing-authentication-delivery-methods\"><\/a>Changing authentication delivery methods<\/h3>\n<p>You can always <a href=\"https:\/\/help.github.com\/articles\/changing-two-factor-authentication-delivery-methods\">switch between receiving authentication codes through a text message or a mobile application<\/a>.<\/p>\n<\/div>\n<div class=\"support-footer\">\n<hr \/>\n<\/div>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h4><a href=\"https:\/\/www.facebook.com\/\">\u00a0Facebook<\/a>:<\/h4>\n<ul>\n<li>Facebook enabled a <a href=\"https:\/\/www.facebook.com\/notes\/facebook-engineering\/introducing-login-approvals\/10150172618258920\">second factor check for logons<\/a> from new devices a few years back.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-01.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1393\" src=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-01.png\" alt=\"Facebook-Auth-Code-01\" width=\"375\" height=\"118\" srcset=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-01.png 762w, https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-01-300x94.png 300w\" sizes=\"auto, (max-width: 375px) 100vw, 375px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-02.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1394\" src=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-02.png\" alt=\"Facebook-Auth-Code-02\" width=\"290\" height=\"271\" srcset=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-02.png 549w, https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-02-300x280.png 300w\" sizes=\"auto, (max-width: 290px) 100vw, 290px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-03.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1396\" src=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-03.png\" alt=\"Facebook-Auth-Code-03\" width=\"457\" height=\"138\" srcset=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-03.png 758w, https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-03-300x91.png 300w\" sizes=\"auto, (max-width: 457px) 100vw, 457px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-04.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1397\" src=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-04.png\" alt=\"Facebook-Auth-Code-04\" width=\"454\" height=\"220\" srcset=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-04.png 960w, https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-04-300x145.png 300w\" sizes=\"auto, (max-width: 454px) 100vw, 454px\" \/><\/a>\u00a0<a href=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-05.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1398\" src=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-05.png\" alt=\"Facebook-Auth-Code-05\" width=\"665\" height=\"228\" srcset=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-05.png 960w, https:\/\/adsecurity.org\/wp-content\/uploads\/2015\/02\/Facebook-Auth-Code-05-300x103.png 300w\" sizes=\"auto, (max-width: 665px) 100vw, 665px\" \/><\/a><\/p>\n<h4><a href=\"https:\/\/slack.zendesk.com\/hc\/en-us\/articles\/204509068-Enabling-two-factor-authentication\">Slack<\/a>:<\/h4>\n<p>Slack Two Factor Authentication (TFA) supports both an authenticator app and SMS (text) messages.<\/p>\n<blockquote>\n<header class=\"article-header clearfix\">\n<h1><a href=\"https:\/\/slack.zendesk.com\/hc\/en-us\/articles\/204509068-Enabling-two-factor-authentication\">Enabling two-factor authentication<\/a><\/h1>\n<\/header>\n<div class=\"article-body\">\n<p>Two-factor authentication (2FA) adds an extra layer of security to your Slack account by requiring access to your phone when you log in. With 2FA enabled, you can rest easy: Only you can log into your Slack account, even if your password is compromised or stolen.<\/p>\n<p><strong>Here\u2019s how it works:<\/strong><\/p>\n<ul>\n<li>Whenever you sign in to Slack, you\u2019ll be prompted to enter a verification code along with your normal password.<\/li>\n<li>You\u2019ll either receive a text message from Slack with your authentication code, or easily generate your\u00a0code using an authentication app on your mobile phone.<\/li>\n<li>Enter the code in Slack, and that\u2019s it! You\u2019ll be logged into Slack as usual, with added peace of mind.<\/li>\n<\/ul>\n<\/div>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Don&#8217;t want your web (cloud) account password to get hacked? Enable Two-Factor Authentication (aka two-step verification)! Google Account: Visit this site and follow the instructions to configure your cell phone as a second factor Step 1:\u00a0 You&#8217;ll enter your password Whenever you sign in to Google, you&#8217;ll enter your password as usual. Step 2:\u00a0 You&#8217;ll &hellip; <\/p>\n<p><a class=\"more-link btn\" href=\"https:\/\/adsecurity.org\/?p=1390\">Continue reading<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[431,2,156],"tags":[646,436,437,435,434,644,643,642,645,439,438,433,432],"class_list":["post-1390","post","type-post","status-publish","format-standard","hentry","category-cloud-security","category-technical-reference","category-thecloud","tag-authenticator","tag-facebook","tag-github","tag-gmail","tag-google","tag-googleaccount","tag-microsoftaccount","tag-slack","tag-smsauthentication","tag-textauth","tag-tfa","tag-twitter","tag-twofactorauthentication","item-wrap"],"_links":{"self":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/1390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1390"}],"version-history":[{"count":9,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/1390\/revisions"}],"predecessor-version":[{"id":1813,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/1390\/revisions\/1813"}],"wp:attachment":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}