Improving security using two-factor authentication (2FA)
Joyent has added additional security features to our Triton Compute Service portal to assist customers who must comply with stringent security requirements, such as those mandated by PCI-DSS.
Enabling 2FA will also enable a 15 minute inactivity timeout which is required by many security standards.
Typically when we log into computer systems, whether it an email account or the Triton Compute Service portal, we supply a username which identifies us and a password which authenticates us. This is "single-factor authentication" using a password, a series of characters that (hopefully) only we know.
Two-factor authentication, also abbreviated as "2FA", seeks to improve security by adding a second type ("factor") of authentication. The first factor is still a password, something you know. The most common second factor added to this is a one-time password (OTP) generated by a physical device or by software on a smartphone, that is, something you have.
In very high security environments an alternative form of authentication may be used: biometrics. Biometric authentication is based on the shape of your hand or your fingerprint (or if you’re in a spy movie, a retinal scanner), that is, something you are.
The advantage of using a second factor of authentication is that even in the event of your password being compromised, it still isn't sufficient to gain access to your account.
Yes, we support passwords and one-time passwords (OTP) using any Google Authenticator compatible application.
Login to the Triton Compute Service portal and select "My Account" from the top navigation bar to see your Account Summary. From the menu on the right side, click "Edit Account". On this screen you can update your contact info, change your password, and enable two-factor authentication. Once you click the "Enable" button you will see a 3 step process which will guide your through the process.
Once your preferred authenticator app is installed on your device, use its function to add a new account and scan the QR code in the app. Following this the app should be registered. In the Portal, enter the OTP code (a 6 digit number) into the box and click the "Verify" button.
If you decide to revert to single-factor authentication, just go back to the "Edit Account" screen like you did to enable it and you will see a "Disable" button.
The Triton Compute Service portal two-factor authentication only protects your Portal account, not your instances themselves.
If you wish to use two-factor authentication to protect your instances we recommend looking at Joyent partner Duo Security.