We're pleased to announce we've launched two-factor authentication to better protect your Bytemark account.
You might already use two-factor authentication (2FA) with some of your online services, where a simple password isn't good enough.
When you turn it on at Bytemark, the panel will displays a barcode for your phone to snap. Your phone then displays a 6-digit number which you need to enter to log on. The number changes ever 30 seconds, so it means someone can't just steal or guess your password to hack your account, they need to steal your phone as well!
The result should be that your Bytemark account is well-protected, and therefore your whole online infrastructure.
You can try it out by logging into our control panel and heading to the two-factor authentication setup page. It lives under the "Your profile" link in the top-right of the panel. The setup page looks like this:
You can then click "Setup two-factor authentication" to get the process started. This will show you a big barcode that looks like this:
At this point, you need to install an app on your phone to feed you the 6-digit passcodes. We'd recommend Google Authenticator which is both simple and free of charge. It's Google-branded, but will work for Bytemark and many other services that support two-factor authentication.
Here are the install links:
Once the app is installed, open it up, and skip the introduction:
Then on the accounts screen, choose "Scan barcode" and take a picture of the barcode on your computer screen:
Your phone will beep and start showing a six-digit code, which will look like this:
Once you've entered the code correctly on the setup screen, our panel will confirm it. It shows you this screen with a final, very important Recovery code displayed:
Please write down this code and store it somewhere safe! You'll need it if you ever lose your phone and need to disable the facility.
Once you've done that, the system should confirm that 2FA is now active on your account:
And now it's time to test that extra security! Hit Logout in the top-right, and you'll be thrown back to the login screen.
Try to log in again:
And here's the prompt for your code, hooray! You can then read the code off your phone, and enter it:
Finally that should log you in. We hope you find the facility useful and want to hear the feedback.
Questions you might have
Can I disable 2FA once it's enabled?
Yes, you can head back to the 2FA settings page and click "Disable two-factor authentication" at any time after you've logged in.
Does this work with the command line?
Yes, if you use the Bytemark command line client you'll need to enter the code whenever you use it too (at least once per "session", not every single time, just like your password).
You can currently only enable or disable two-factor authentication from the control panel.
What if I lose my phone?
When you set up two-factor authentication, you'll be given a one-time recovery code which you should print off and keep in a safe place at home. It's a long string of numbers and letters.
If you ever need to turn off two-factor authentication in future without your phone, you can dig out this code, along with your normal account password. There is a link on the login screen that reads "Lost your code?" which lets you trigger the account recovery, but you must have the code to use it.
What if I've lost my recovery code?
Unfortunately if you've lost your recovery code you will need to contact our friendly but thorough support team They will guide you through the verification process but it may take a full working day to restore your access. So if you're in a rush, don't lose that recovery code!
What if I have a V-Key?
When we launched Bytemark Cloud (BigV) in 2011, we used V-Keys to secure the first bunch of accounts (reprogrammed Yubikeys, which are little USB hardware tokens for your keyring). Most Bytemark customers don't have these and don't have to worry.
If you do have a V-Key, we're still supporting them. If you turn on 2FA, the V-Key will effectively be a third factor as well as your phone. If that's useful to you - great!
If you'd prefer to switch over to using just your phone, you can also contact our friendly support team and they can remove the V-Key.
We're particularly interested to hear from you if you use the V-Key and are interested in using 2FA as well, as we've not made a decision yet on whether this is something we'll support in future.
Feel free to ask anything else below, and I'll update this post accordingly.