DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Software Design and Architecture
  3. Cloud Architecture
  4. Two-Factor Authentication for Extra Security in the Cloud

Two-Factor Authentication for Extra Security in the Cloud

Want to learn more about gaining extra security in the cloud? Check out this post to learn more about implementing two-factor authentication with Jelastic.

Gleb Antonov user avatar by
Gleb Antonov
·
Oct. 08, 18 · Tutorial
Like (2)
Save
Tweet
Share
4.61K Views

Join the DZone community and get the full member experience.

Join For Free

Using credentials in combination with a piece of information that only the user knows makes it harder for intruders to get access to an account. That’s why Jelastic added two-factor authentication (2FA) that provides an extra security layer. With this feature enabled, in addition to username and password, it is required to enter the code randomly generated in the authenticator application on the phone to access the Jelastic account. Below, we’ll describe how to enable and manage this second authentication step.

Enable Two-Factor Authentication

In order to secure your account with the 2FA, follow the steps below:

1. Go to the Settings section by clicking on the same-named button at the top-right corner of the dashboard.two-factor authentication

2. Within the opened frame, switch to the Account tab and click Set Up Two-Factor Authentication.account authentication

You need to confirm your password via the appeared pop-up to proceed.

3. Next, you need to interconnect your Jelastic account with the Google Authenticator application on your mobile phone (if needed, follow the linked guide to help you with installation). Open the app on your device and add the account by either scanning the displayed QR code or manually typing the provided data.authenticator application

As a result, you’ll see the six-digit code (automatically refreshed every 30 seconds), type it into the dashboard frame and click Next to verify.

4. In the second step, you’ll see the recovery codes, which can be used as a one-time alternative to the generated authentication codes.

Note: Ensure your recovery codes are saved. Otherwise, in case of your phone unavailability, you won’t be able to connect to your account. Also, they are the only option to restore access upon device loss.

two steps authentication

You need to tick the I’ve saved the data checkbox (automatically checked after using the Download or Copy buttons) to be able to close this window by clicking Done.

5. Now, to log into the account, you’ll need to provide the login/password credentials (as usual) and enter a code from the authentication application on your device (or the recovery code).account access verification

That’s it! Your account is now protected with two-factor authentication.

Manage Recovery Codes

On the accounts with already enabled 2FA, it is possible to view/regenerate recovery codes:

1. Go to the Settings > Account section and click the View Recovery Codes button.access verification

Confirm the password for your account to continue.

2. Here, you can see your current recovery codes and, if necessary, Download/Copy them with the appropriate buttons.access recovery codes

If you ran out of the recovery codes (as each one can be used just once) or if you consider them compromised, click the link at the bottom of the frame (circled in the image above) to generate new ones.

3. In the appeared pop-up, confirm the operation and, in a moment, you’ll get new codes.access codes

Don’t forget to save the displayed recovery codes with the Download/Copy buttons, as the old ones won’t work anymore.

Disable Two-Factor Authentication

If you need to disable the 2FA for your account, follow the next steps:

1. Navigate to the Settings > Account section and click the Disable Two-Factor Authentication button.two steps access

Tip: In case you want to disable/rebind two-factor authentication due to device loss, use one of the recovery codes to log into the dashboard.

2. Confirm your decision through the appropriate pop-up and provide a password in the next one.account authentication

That’s it! Your account is now accessible with just the login/password credentials.

Using API With Two-Factor Authentication

In order to get a valid session for the API requests on accounts with enabled 2FA, you need to call an additional Verify2FACode method after the SignIn one. In such a way, you’ll be able to provide a six-digit authentication code from the appropriate application on your device.

To avoid such complexity, it is recommended generating and using personal access tokens in your API requests and custom automation scripts.

authentication security Cloud

Published at DZone with permission of Gleb Antonov. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Differences Between Site Reliability Engineer vs. Software Engineer vs. Cloud Engineer vs. DevOps Engineer
  • Better Performance and Security by Monitoring Logs, Metrics, and More
  • A Brief Overview of the Spring Cloud Framework
  • ChatGPT Prompts for Agile Practitioners

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: