- 1 What is Multifactor Authentication?
- 2 Why Would I Want Multifactor Authentication?
- 3 What Kinds of Multifactor Authentication can I use with the DreamHost Web Panel?
- 4 What if I don't have a Smart Phone or other Mobile Device?
- 5 How Do I Set it Up?
- 6 Can I Turn Off Multifactor Authentication for my Primary Computer?
- 7 Doesn't Remembering a Computer Defeat the Purpose of Multifactor Authentication?
What is Multifactor Authentication?
Authentication is the fancy word for what happens when you log in to a website. Normally, after you identify yourself with your username or e-mail address, the website asks for one piece of information to authenticate you – your password.
Multifactor Authentication takes this to another level and asks for one or more additional pieces of information to successfully authenticate you. Usually these extra factors go beyond just something you know (such as a password) and use something you have (like an ID card) or something you are (your fingerprint or a retinal scan, perhaps).
Without all the required factors, you won't be able to log in to the website.
Why Would I Want Multifactor Authentication?
Requiring these different kinds of factors for authentication makes it much harder for people to pretend to be you without your permission; not only do they need to figure out your password, they also need to steal your ID card or fake your fingerprint. Accounts protected with multifactor authentication are usually much safer than those protected with only a password.
Multifactor authentication can help combat fraud and protect you. If you're worried about security or just want a bit of added peace-of-mind you should check out multifactor authentication.
What Kinds of Multifactor Authentication can I use with the DreamHost Web Panel?
DreamHost supports using one-time passcodes generated with the Google Authenticator app -- which must be installed on your smartphone or mobile device -- or with a YubiKey -- which is a hardware token that plugs into a USB slot and types out a passcode.
When using Google Authenticator, each one-time passcode is a temporary 6-digit code. You can specify that passcodes be time-based, meaning the code changes every 30 seconds, or counter-based which changes only when used.
Note: if your phone's clock is off by more than a few minutes when using Google Authenticator time-based passcodes will not function properly.
What if I don't have a Smart Phone or other Mobile Device?
You could purchase a YubiKey and use that! If you'd like to see more multifactor authentication options become available drop us a line and let us know what you'd like to see.
How Do I Set it Up?
Check out our kick-ass instructions here: Enabling Multifactor Authentication
Can I Turn Off Multifactor Authentication for my Primary Computer?
Yes you can! Multifactor authentication is great for the security-conscious, but it can be a hassle day to day. When you log in with multifactor authentication, you'll have the option to have our server remember the computer you're using for either 1 week or 1 month without prompting you for a one-time passcode.
Doesn't Remembering a Computer Defeat the Purpose of Multifactor Authentication?
Not really. When you choose to remember a computer, you haven't disabled multifactor authentication, you've just told us that a particular computer can be used as the second form of authentication rather than a one-time passcode.
The purpose of multifactor authentication is to make it harder for someone to steal all the information needed to log in to your account. On public computers, such as those at a library or internet café, you don't know if it has a keylogger installed that's saving your username and password. If you are required to enter your one-time passcode on that computer, however, other people can't log in to your account even if they've stolen your username and password.
On the other hand, if you're sitting safely at home, using a computer you had us remember, and you get tricked into giving your username and password to a phishing site who intends to misuse that information, the phishers won't be able to log in to your account because their computer isn't remembered and they still need to use a one-time password.