Improving security using two-factor authentication (2FA)

Modified: 04 Oct 2017 16:56 UTC

Joyent has added additional security features to the Triton Compute Service portal to assist customers who must comply with stringent security requirements, such as those mandated by PCI-DSS.

Information Enabling 2FA will also enable a 15 minute inactivity timeout which is required by many security standards.

What is two-factor authentication?

Typically when we log into computer systems, whether it an email account or the Triton Compute Service portal, we supply a username which identifies us and a password which authenticates us. This is "single-factor authentication" using a password, a series of characters that (hopefully) only we know.

Two-factor authentication (i.e. "2FA") seeks to improve security by adding a second type ("factor") of authentication. The first factor is still a traditional password. The most common second factor is a one-time password (OTP) generated by a physical device or by software on a smartphone.

In very high security environments, an alternative form of authentication may be used: biometrics. Biometric authentication is based on the shape of your hand or your fingerprint (or if you’re in a spy movie, a retinal scanner).

The advantage of using a second factor of authentication is that if your password being compromised, that alone isn't sufficient information to gain access to your account.

Does the Triton Compute Service portal support 2FA?

Yes, we support passwords and one-time passwords (OTP) using any Google Authenticator compatible application.

How do I enable two-factor authentication?

Login to the Triton Compute Service portal. Select your username from the top right corner and choose Two Factor Authentication. A popup will appear indicating if you have or have no turned on Two Factor Authentication. If it is disabled, Enable it.

2fa popup

You will see a 3 step process which will guide your through the process.

verify your identity

Joyent recommends using either Google Authenticator application or the Duo Mobile application. Duo is an excellent 2FA solution which integrates Google Authentication into their mobile app.

Once your preferred authenticator app is installed on your device, add a new account and scan the QR code into the app. Following this, the application should be registered. In the portal, enter the OTP code (a 6 digit number) into the box under step three and Verify.

How do I disable two-factor authentication?

If you decide to revert to single-factor authentication, just go back to the menu under your account name and select Two Factor Authentication. You will receive a popup with a "Disable" button.

How can I use two-factor authentication to protect my instances?

The Triton Compute Service portal two-factor authentication only protects your Triton account, not your instances themselves.

If you wish to use two-factor authentication to protect your instances, we recommend looking at Joyent partner Duo Security.