Enabling Multifactor Authentication
Multifactor Authentication increases the security of your account by requiring you to enter additional one-time passcodes before you can gain access to your DreamHost account. It's a smart move that can help to protect you from hackers and website hijackers.
At DreamHost, we've made this security option available by integrating the Google Authenticator app with the DreamHost panel. We've picked the Google Authenticator app because it's available on Android devices, iOS devices like the iPhone, BlackBerry devices, and even on Windows Phone via third-party apps.
Take a look at the instructions below and we'll walk you through it, or check out our Multifactor Authentication FAQ for more information!
Getting the Google Authenticator App
Before you can enable Multifactor Authentication on your DreamHost account, you'll need to install the Google Authenticator app on your smartphone or tablet device.
Google's official documentation on downloading and installing the app can be found here: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447.
The app can be downloaded from your device's App Store (or use Google's direct link for BlackBerry):
- Android devices: Google Play
- iPhone, iPad, or iPod Touch: iTunes App Store
- BlackBerry devices: Google Authenticator Download (visit from your BlackBerry device)
- Windows Phone: Windows Marketplace (Third-Party Apps)
- Unofficial Java Client: Wikipedia Entry
Turn On Multifactor Authentication
- Once you have the Google Authenticator App installed, log in to the panel and go to the Security tab in "Billing & Account" on the left-hand side.
The second section on that page is titled Multifactor Authentication.
- Enter your DreamHost account password in the Current Password field.
- Use the Multifactor Authentication Type drop-down list to choose the multifactor authentication method you would like to use.
We recommend Google Authenticator with time-based one-time passcodes. Time-based codes provide better protection against phishing and keyloggers since each code is only valid for a short amount of time. Time-based codes also automatically stay in sync with our servers, as opposed to counter-based codes which require manual syncing.
If you use counter-based codes, you will need to press the refresh button next to the code in the Google Authenticator App each time you use it to advance it to the next code.
- Click the Get Started button.
You will now see a QR Code and a 16-digit Secret Key that you will need to activate Multifactor Authentication.
- Use the Google Authenticator App to scan the QR code. If your device does not have a camera, you can enter the 16-digit Secret Key shown below the QR code into the app manually. If you have more than one device running Google Authenticator, scan the QR code or enter the key on every device that you want to use with this DreamHost account.
- The Google Authenticator app will display a 6-digit passcode. Enter the 6-digit passcode in the Passcode field.
If you are using counter-based codes, you may need to press the refresh button to display the first code.
- Click the Activate! button and we'll make sure our servers are properly synced with your phone.
Your account now has Multifactor Authentication enabled.
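As an added illustration (not DreamHost's code), the Python sketch below implements the two passcode types from the steps above using the public RFC 4226 (counter-based) and RFC 6238 (time-based) algorithms that Google Authenticator follows. It shows why a time-based code stops working shortly after it is generated, while a counter-based code depends on the app's and the server's counters staying in step. The secret is the RFC 4226 test key, and the 30-second step, the one-step tolerance and the look-ahead of 3 are assumptions, not DreamHost's settings.

```python
import base64, hashlib, hmac, struct

# Constructed sample: the RFC 4226 test key, base32-encoded the way an
# authenticator app expects it. Not a real account secret.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def hotp(secret_b32, counter, digits=6):
    """Counter-based code (RFC 4226): HMAC-SHA1 over an 8-byte counter."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, unix_time, step=30):
    """Time-based code (RFC 6238): the counter is the current time step."""
    return hotp(secret_b32, int(unix_time // step))

def verify_totp(secret_b32, code, unix_time, step=30, window=1):
    """Accept the current step and +/- `window` steps to absorb clock skew."""
    now = int(unix_time // step)
    return any(hmac.compare_digest(hotp(secret_b32, now + d), code)
               for d in range(-window, window + 1))

def verify_hotp(secret_b32, code, server_counter, look_ahead=3):
    """Return the next server counter on success, or None if out of sync.

    The look-ahead covers codes the user generated (pressed refresh) but
    never submitted; beyond it the two counters need a manual resync.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret_b32, c), code):
            return c + 1  # every earlier code is now dead
    return None

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("time-based code at t=59s:", code)
    print("accepted at t=59s:       ", verify_totp(SECRET, code, 59))
    print("accepted at t=179s:      ", verify_totp(SECRET, code, 179))
    skipped = hotp(SECRET, 2)  # app refreshed twice, server still at 0
    print("counter code, 2 ahead:   ", verify_hotp(SECRET, skipped, 0))
    print("counter code, 9 ahead:   ", verify_hotp(SECRET, hotp(SECRET, 9), 0))
```

The same time-based code is accepted at 59 seconds and rejected two minutes later, while the counter-based code is accepted only as long as the app is no more than the look-ahead distance in front of the server.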
Changes to Login with Multifactor Authentication Enabled
Once you've enabled Multifactor Authentication, you'll notice changes to the Login screen and the steps necessary to access your account.
Your Login screen will look like this:
You will now see a Multifactor Authentication Code field, which you will use to enter the 6-digit passcode generated by your mobile device, and a Remember this computer? drop-down, which will save you the step of generating and entering a passcode for either 1 week or 1 month.
If you choose one of the options from the Remember this computer? drop-down such as 1 month, and log in during the time period you've selected, instead of the Multifactor Authentication Code field you will see a message indicating that your computer has already been verified.
After the time period you have selected expires, you will once again see the Multifactor Authentication Code field.
Changes When Logging in from a New Computer
Multifactor Authentication uses browser cookies to function, so if you try to log in from a new computer that has never been logged into DreamHost before, the Multifactor Authentication Code field will not initially be visible, and your first login attempt will fail. After that first attempt, DreamHost will identify your account and make the Multifactor Authentication Code field visible so that you can log in.
- This error message will appear the first time you log in with a new computer or if you do not enter a Multifactor Authentication Code:
Account Recovery with Multifactor Authentication
If you lose your Google Authenticator device, you can still regain access to your account just like before. The old Forgot password link will now read Forgot password or lost/failed multifactor authentication?:
Clicking this link will bring you to a form that asks for your e-mail. Once you submit the form we will send you a link that you can use to reset your password and disable multifactor authentication.