Multifactor authentication with Google Authenticator
Double Sure
Login security increases significantly when a combination of factors is used to authenticate a user (i.e., multifactor authentication). In most situations, two-factor authentication is enough. The first authentication factor is usually a password or key; the second factor has various possibilities, including hardware tokens owned by authorized users or one-time password (OTP) generators that provide OTP tokens. One-time passwords come in several varieties (e.g., hardware, software, grid card). A popular, free, and simple way to implement two-factor authentication (2FA) with OTP is Google Authenticator, which is available as an app for iOS and Android and as source code [1] for the server side.
Better Protection
Google Authenticator provides time-based one-time passwords (TOTPs) as per RFC 6238, which means that a password is only valid for a certain amount of time. A time-based password that an attacker manages to capture is therefore virtually worthless once its validity period has passed.
A variety of modules can integrate Google Authenticator into applications to secure logins for blogs, content management systems, OpenVPN, and other situations. Likewise, it is possible to use SSH with multifactor authentication to reduce the risk of password or passphrase theft, and Google Authenticator provides a PAM module that can be integrated easily into SSH authentication.
The PAM module installs easily on the SSH server by using the package managers of popular Linux distributions:
#Ubuntu systems
apt-get install libpam-google-authenticator
#CentOS and Red Hat Enterprise Linux
yum install google-authenticator
The qrencode program also must be installed so the tool can output the QR code used for app configuration. If this program isn't installed, the authenticator returns a link to a Google site that generates the code.
When
...