Hetzner - DokuWiki

KonsoleH:Zwei-Faktor-Authentifizierung/en

Inhaltsverzeichnis

Two-factor authentication

Introduction

With two-factor authentication, or "2FA" for short, you can confirm your identity with two factors. The first factor is something you know (your username and password). The second factor is something you have or possess (either a Yubikey or smartphone connected to your account). With 2FA in place, if someone steals your access details, those details are almost worthless.

Authentification methods

There are two ways to use two-factor authentication on konsoleH:

"Yubikey ": A Yubikey is a USB stick that is connected to a USB port on your computer or it can be connected to your smartphone via NFC. This Yubikey generates a unique password which is entered into the corresponding field during login. Customers must provide their own Yubikeys. We at Hetzner Online do not sell them. You can find more information and buy Yubikeys at https://www.yubico.com/ .

"Smartphone / Tablet ": If you use an authentication app on your smartphone or tablet, you will use an additional six-digit code. You will get the code from the authentication app configured on your account. If you do not have an authentication app, you can install Google Authenticator and use it for this purpose.

"Important note" If you try to activate 2FA without first selecting and providing an authentication method, the 2FA will automatically be deactivated.

Recovery key

The recovery key is required if you want to access your account, but have no access to your stored authentication methods. You can reset the 2FA by entering the recovery key.

If you do not have access to your recovery key and authentication methods, you can use a new recovery key. The recovery key will be sent to the postal address on your account. It can only be sent by post.

How to set a new authentication method

First, you must make sure that you have activated 2FA and that your recovery key is secure.

You can then connect your Yubikey or your smartphone/tablet with your account. Connect whichever method you prefer.

"Yubikey ": If you have changed the configuration of your Yubikey, please note that you need to first set up your Yubikey on Yubicloud. Otherwise, you will not be able to use the Yubikey. To set up your key, click on "Yubikey" under "Authentication methods". Then enter your password, give your Yubikey a name that you want to use with it, and then enter your Yubikey OTP (one-time password). To do this, insert the Yubikey into a USB port and click on the corresponding activation button. You should be able to see your Yubikey on your konsoleH account under your authentication methods.

"Smartphone / Tablet ": Before using the Yubikey, first make sure that you have installed an authentication app (available for iOS and Android). To set up your device, click "Smartphone / Tablet" under "Authentication methods". Then enter your password, and then give your smartphone/tablet a name that you want to use with it. After that, enter your TOTP (timed one-time password). To generate the TOTP code, scan the QR code with the app or you can enter the code that you see under the QR code into the app yourself. Now you can generate, enter, and confirm the code. Then you should be able to see your smartphone/tablet in your konsoleh account under authentication methods.

Login with 2FA

To successfully log into your konsoleH account that is actively using 2FA, first enter your usual login data, and then enter your OTP (one-time password). Your device (either your Yubikey or your smartphone/tablet) will generate your OTP.



© 2020. Hetzner Online GmbH. Alle Rechte vorbehalten.