Docker Hub Now Supports Two Factor Authentication
Container Image repository, Docker Hub, has added 2 Factor Authentication to its feature list. The feature falls in line with many other services, wherein users employ a third-party application (such as Google Authenticator or Authy) or via SMS text message. Although this will mean users must always have access to their mobile devices when attempting to log into Docker Hub (which adds an extra step to the login process), it also means an added layer of security will be there to protect their accounts.
The feature is still in beta, but any Docker Hub user can enable the feature by logging into their account and going to Account Settings > Security > Two Factor Authentication.
This new security feature comes on the heels of a massive security breach (April, 2019), where up to 190,000 users’ data could have been exposed.
According to Shanea Leven, Senior Director of Product Management of Docker, Inc, “ we chose to use one of the more secure models for 2FA: software token (TOTP) authentication.” Leven continues, “TOTP requires a little more upfront setup, but once enabled, it is just as simple (if not simpler) than text message-based verification.”
Users who access their Docker Hub accounts through the command line interface (CLI) will also have to create a personal access token, in order to log in from the command line. Once 2FA has been enabled, standard username/password authentication will not work.