Today, we are excited to announce that Two-factor authentication (2FA) can now be enabled for your NodeChef account.
Two-factor authentication (2FA) is a simple best practice that adds an extra layer of security to your NodeChef username and password. When 2FA is enabled, the user will be able to sign in with their email address and password and also a verification code. The verification code is generated by an application on your smartphone. To gain access to your account a potential attacker would need your email address, your password, as well as your phone. We recommend all users enable two-factor authentication for their accounts.
Enabling Two-Factor Authentication
-
You can enable two-factor authentication for your account by logging into your Dashboard → Account → Account Details. Scroll down to find the section on two-factor authentication. Click the “Enable two-factor authentication” button.
-
Download an authenticator app for your smartphone. We recommend Salesforce Authenticator, Google Authenticator or Authy.
- Scan the barcode shown on the Dashboard page with the downloaded authentication app.
-
To validate your device, enter the 6-digit code displayed on your smartphone. Click “Enable Two-Factor Authentication”.
Two-factor authentication is now enabled for your account. All future logins will now require you to enter a code supplied by your authenticator app on your smartphone.
Additional Information to Note.
You can disable two-factor authentication, enable Trust Devices and find your Recovery Code (Secret) from the Dashboard account page. Dashboard → Account → Account Details. Scroll down to find the section on two-factor authentication.
Trust devices
When this option is enabled, NodeChef will not ask you for the 6-digit verification code every time you log in until 30 days have elapsed from the last time you provided a code or you wipe out your cookies or change your IP address or happen to be using a new browser. Disable this option for maximum security if required.
Secret
In case you lose your phone or your phone gets wiped out or want to use Two-factor Authentication with the CLI, you can always set it up using this shared secret. Note it is important you copy and store this secret code somewhere safe so you are not locked out in case you lose your phone.
Disabling two-factor authentication
Use this button to disable Two-factor authentication for your account. You can enable it again at anytime. In case you want to set up Two-factor authentication for a new phone, you must first disable and then enable again.
Let us know if you face any issues or have any feedback.