Enabling Multifactor Authentication

From DreamHost
Revision as of 17:16, 17 June 2012 by Jantolak (Talk | contribs) (Turn On Multifactor Authentication: added minor point explaining how to use multiple authenticator devices)


Multifactor Authentication is a way to increase the security of your account that requires you to enter additional one-time passcodes before you can gain access to your DreamHost account. It's a smart move that can help to protect you from hackers and website hijackers.

At DreamHost, we've made this security option available by integrating the Google Authenticator app with the DreamHost panel. We've picked the Google Authenticator app because it's available on Android devices, iOS devices like the iPhone, BlackBerry devices, and even on Windows Phone via third-party apps.

Take a look at the instructions below and we'll walk you through it, or check out our Multifactor Authentication FAQ for more information!

Getting the Google Authenticator App

Before you can enable Multifactor Authentication on your DreamHost account, you'll need to install the Google Authenticator app on your smartphone or tablet device.

NOTE: If you already have the Google Authenticator app on your smartphone or tablet device, you just need to click the "+" in the lower right corner (iOS) or open the settings for the app and click "Add account" (Android) and then proceed to the next section of this walkthrough.

Google's official documentation on downloading and installing the app can be found here: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447.

The app can be downloaded from your device's App Store (or use Google's direct link for BlackBerry):

Turn On Multifactor Authentication

  1. Once you have the Google Authenticator App installed, log in to the panel and go to the Security tab in "Billing & Account" on the left-hand side.

    The second section on that page is titled Multifactor Authentication.

  2. Enter your DreamHost account password in the Current Password field.
  3. Use the Multifactor Authentication Type drop-down list to choose the multifactor authentication method you would like to use.

    We recommend Google Authenticator with time-based one-time passcodes. Time-based codes provide better protection against phishing and keyloggers since each code is only valid for a short amount of time. Time-based codes also automatically stay in sync with our servers, as opposed to counter-based codes which require manual syncing.

    If you use counter-based codes, you will need to press the refresh button next to the code in the Google Authenticator App each time you use it to advance it to the next code.

  4. Click the Get Started button.

    You will now see a QR Code and a 16-digit Secret Key that you will need to activate Multifactor Authentication.

  5. Use the Google Authenticator App to scan the QR code. If your device does not have a camera, you can enter the 16-digit Secret Key shown below the QR code into the app manually. If you have more than one device running Google Authenticator, scan the QR code or enter the key on every device that you want to use with this DreamHost account.
  6. The Google Authenticator app will display a 6-digit passcode. Enter the 6-digit passcode in the Passcode field.

    If you are using counter-based codes, you may need to press the refresh button to display the first code.

  7. Click the Activate! button and we'll make sure our servers are properly synced with your phone.

    Your account now has Multifactor Authentication enabled.

    If you suspect your account may be compromised (for example if you have lost your phone or mobile device), you can use the Regenerate Key button to invalidate the old key and create a new one.
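
How the two code types from step 3 differ when a server checks them, as an added example (not DreamHost's or Google's code): time-based codes follow RFC 6238 and are derived from the clock, while counter-based codes follow RFC 4226 and depend on a counter that moves every time the refresh button is pressed. The drift window, the look-ahead of 3 and the sample key are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, struct

def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, unix_time: int, step: int = 30) -> str:
    """RFC 6238: HOTP where the counter is the current 30-second time step."""
    return hotp(secret_b32, unix_time // step)

def verify_totp(secret_b32, code, unix_time, step=30, drift_steps=1):
    """Accept the current time step plus a small window for clock drift."""
    current = unix_time // step
    return any(hmac.compare_digest(hotp(secret_b32, current + d), code)
               for d in range(-drift_steps, drift_steps + 1))

def verify_hotp(secret_b32, code, server_counter, look_ahead=3):
    """Return the next server counter on success, None if the device ran too far ahead."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret_b32, c), code):
            return c + 1  # this counter and all earlier ones are now spent
    return None

# Constructed 16-character base32 key (10 bytes), the same shape as a panel Secret Key.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    now = 1_339_953_360  # constructed timestamp
    code = totp(SAMPLE_KEY, now)
    print("time-based code accepted now:", verify_totp(SAMPLE_KEY, code, now))
    print("same code 5 minutes later:   ", verify_totp(SAMPLE_KEY, code, now + 300))
    # Counter-based: refresh pressed five times on the device without logging in.
    ahead = hotp(SAMPLE_KEY, 5)
    print("device at 5, server at 0:    ", verify_hotp(SAMPLE_KEY, ahead, 0))
```

A captured time-based code stops working once its window passes, which is the phishing and keylogger benefit described in step 3; a counter-based code stays valid until it or a later one is used, and a device that gets too far ahead needs a resync.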

Changes to Login with Multifactor Authentication Enabled

Once you've enabled Multifactor Authentication, you'll notice changes to the Login screen and the steps necessary to access your account.

Your Login screen will look like this:


You will now see a Multifactor Authentication Code field, which you will use to enter the 6-digit passcode generated by your mobile device, and a Remember this computer? drop-down, which will save you the step of generating and entering a passcode for either 1 week or 1 month.

If you choose one of the options from the Remember this computer? drop-down such as 1 month, and log in during the time period you've selected, instead of the Multifactor Authentication Code field you will see a message indicating that your computer has already been verified.


After the time period you have selected expires, you will once again see the Multifactor Authentication Code field.

Changes When Logging in from a New Computer

Multifactor Authentication uses browser cookies to function, so if you try to log in from a new computer that has never been logged into DreamHost before, the Multifactor Authentication Code field will not initially be visible, and your first login attempt will fail. After that first attempt, DreamHost will identify your account and make the Multifactor Authentication Code field visible so that you can log in.

This error message will appear the first time you log in with a new computer or if you do not enter a Multifactor Authentication Code:

Account Recovery with Multifactor Authentication

If you lose your Google Authenticator device, you can still regain access to your account just like before. The old Forgot password link will now read Forgot password or lost/failed multifactor authentication?

Clicking this link will bring you to a form that asks for your e-mail. Once you submit the form we will send you a link that you can use to reset your password and disable multifactor authentication.