Docker Hub Now Supports Two Factor Authentication

By

In a move that should surprise no one, Docker Hub now allows users to enable 2 Factor Authentication for their accounts.

Container Image repository, Docker Hub, has added 2 Factor Authentication to its feature list. The feature falls in line with many other services, wherein users employ a third-party application (such as Google Authenticator or Authy) or via SMS text message. Although this will mean users must always have access to their mobile devices when attempting to log into Docker Hub (which adds an extra step to the login process), it also means an added layer of security will be there to protect their accounts.

The feature is still in beta, but any Docker Hub user can enable the feature by logging into their account and going to Account Settings > Security > Two Factor Authentication.

This new security feature comes on the heels of a massive security breach (April, 2019), where up to 190,000 users’ data could have been exposed.

According to Shanea Leven, Senior Director of Product Management of Docker, Inc, “ we chose to use one of the more secure models for 2FA: software token (TOTP) authentication.” Leven continues, “TOTP requires a little more upfront setup, but once enabled, it is just as simple (if not simpler) than text message-based verification.”

Users who access their Docker Hub accounts through the command line interface (CLI) will also have to create a personal access token, in order to log in from the command line. Once 2FA has been enabled, standard username/password authentication will not work.

11/03/2019

Related content

  • News for Admins
    In the news: The Python Clock Has Almost Reached Zero; Docker Hub Now Supports Two Factor Authentication; Hetzner Launches New Ryzen-Based Dedicated Root Servers; Microsoft Launches Bug Bounty Program to Protect Electronic Voting Machines; New Fileless Malware Discovered
  • Two-Factor Authentication

    Making your systems really secure can be a bit more complicated than resorting to the use of regular passwords. In this article, we provide an overview of authentication solutions and present potential approaches for common use cases.

  • Secure remote access and web applications with two-factor authentication
    Making your systems really secure can be a bit more complicated than resorting to the use of regular passwords. In this article, we provide an overview of authentication solutions and present potential approaches for common use cases.
  • Secure authentication with FIDO2
    The FIDO and FIDO2 standard supports passwordless authentication. We discuss the requirements for the use of FIDO2 and show a sample implementation for a web service.
  • Multifactor authentication with Google Authenticator
    Google Authenticator provides one-time passwords to smartphone owners for multifactor authentication, or you can integrate it into other applications, such as blogs.
comments powered by Disqus