Improving security using two-factor authentication (2FA)

Modified: 23 Feb 2017 17:59 UTC

Joyent has added additional security features to our Triton Compute Service portal to assist customers who must comply with stringent security requirements, such as those mandated by PCI-DSS.

Information Enabling 2FA will also enable a 15 minute inactivity timeout which is required by many security standards.

What is two-factor authentication?

Typically when we log into computer systems, whether it an email account or the Triton Compute Service portal, we supply a username which identifies us and a password which authenticates us. This is "single-factor authentication" using a password, a series of characters that (hopefully) only we know.

Two-factor authentication, also abbreviated as "2FA", seeks to improve security by adding a second type ("factor") of authentication. The first factor is still a password, something you know. The most common second factor added to this is a one-time password (OTP) generated by a physical device or by software on a smartphone, that is, something you have.

In very high security environments an alternative form of authentication may be used: biometrics. Biometric authentication is based on the shape of your hand or your fingerprint (or if you’re in a spy movie, a retinal scanner), that is, something you are.

The advantage of using a second factor of authentication is that even in the event of your password being compromised, it still isn't sufficient to gain access to your account.

Does the Triton Compute Service portal support 2FA?

Yes, we support passwords and one-time passwords (OTP) using any Google Authenticator compatible application.

How do I enable two-factor authentication?

Login to the Triton Compute Service portal and select "My Account" from the top navigation bar to see your Account Summary. From the menu on the right side, click "Edit Account". On this screen you can update your contact info, change your password, and enable two-factor authentication. Once you click the "Enable" button you will see a 3 step process which will guide your through the process.

two-factor authentication setup process

Joyent recommends using either Google Authenticator or the Duo Mobile application (Duo is an excellent 2FA solution which also integrates Google Auth into their mobile app.)

Once your preferred authenticator app is installed on your device, use its function to add a new account and scan the QR code in the app. Following this the app should be registered. In the Portal, enter the OTP code (a 6 digit number) into the box and click the "Verify" button.

That's it!

How do I disable two-factor authentication?

If you decide to revert to single-factor authentication, just go back to the "Edit Account" screen like you did to enable it and you will see a "Disable" button.

How can I use two-factor authentication to protect my instances?

The Triton Compute Service portal two-factor authentication only protects your Portal account, not your instances themselves.

If you wish to use two-factor authentication to protect your instances we recommend looking at Joyent partner Duo Security.