Having a good, difficult to guess, password for logging in to your UpCloud Control Panel is essential for keeping your account secure, but for additional security UpCloud supports two-factor authentication also known as 2FA. This is a method for authenticating the user using two different types of validity checks, often by asking for something only the user knows and something only they posses. Bank cards are a good example of everyday use of 2FA where the card is something physical the user has and the pin number a secret only they know.
At UpCloud you already have a username and a password as something only you know, the second factor in authentication can be a smartphone, a personal item that almost everyone carries around with them on daily basis. To use your smartphone for 2FA you’ll need to download and install an authenticator application. Here are some examples of supported applications:
- Google Authenticator (Android/iPhone/BlackBerry)
- Duo Mobile (Android/iPhone)
- Amazon AWS MFA (Android)
- Authenticator (Windows Phone 7)
Below you can find detailed instructions on how to connect an authenticator application with your UpCloud account.
Enable two-factor authentication on your main account
Log in to your UpCloud Control Panel, go to the User Accounts –tab under My Account –menu and click the Change -button on your account name.
- Enable the Two-factor authentication by clicking the selection box found in the first section in your account details page.
- Turning on the 2FA on your account reveals a new Setup -button next to the selection box, click it to open the configurations.
- In the 2FA configurations window you’ll see a shared secret key for connecting an authenticator application on your smartphone with your UpCloud account and a QR-code matching the key below it.
- If you do not already have an authenticator application installed on your phone, you can find the a couple of popular options available for multiple mobile operating systems including Android, iOS, BlackBerry and Windows Phone on the right side information panel. By following one of the links here you can find detailed instructions on how to install an authenticator on your phone.
- Once you have an appropriate applications installed, open it and follow the in application instructions on how to set up a new account using either the key or the QR-code displayed in the 2FA details window.
- When the authenticator is ready, close the details window and click the Save -button at the bottom of the account details page to confirm the changes.
Now next time you log in to your UpCloud Control Panel you’ll be asked for a one-time password that you can find in your authenticator application similarly to the example picture of Google Authenticator shown above.
Enable two-factor authentication on subaccounts
Group accounts can also benefit from two-factor authentication. The main account holder can set the policy for 2FA individually on all of their subaccounts. When enabling 2FA for a subaccount, make sure the phone number registered to that account is valid and correct for backup code retrieval.
On your main account, go to your UpCloud Control Panel and User Accounts -tab.
- Click the Change -button on the subaccount you wish to enable the two-factor authentication for.
- Click the selection box to enable the Two-factor authentication and then click the Save -button at the bottom of the account details page.
- The subaccount user will then need to enter an authentication code when logging in. Sign in normally with username and password.
- On the first log in time you’ll need to choose an alternative method for receiving the passcode, SMS or phone call, to the phone number registered to that subaccount.
- Enter the code provided to the field under the selection buttons and log in.
Once you are logged in, go to the Username -tab under My Account -menu and click the Setup -button to configure your authenticator application.
Depending on your authenticator application you can choose to either scan the QR-code from your screen with your smartphone or enter the 16 digit key code manually. Regardless of the method once entered successfully your authenticator will then show a 6 digit passcode for a limited time per code as indicated by a timer icon next to it.
If you lose your authenticator
Don’t worry if you changed your phone or accidentally uninstall the application. As a backup you can have the authentication code delivered to you via SMS or phone call to the phone number registered to your account.
- Enter your username and password as usual.
- In the Confirmation key window enter something once to reveal the help button and then click it to show the backup methods.
- Click one of the two buttons to have the code either sent to you by SMS or by automated phone call.
- When you get the one time backup code enter it in the field below to log in.
Afterwards, go in to the User Accounts -tab under My Account -menu, click the Change -button to open your account details and then click the Setup -button to view the key information. You can then reconfigure you authenticator application to use the authentication codes again when logging in the next time.
Your smartphone now works as the second factor in your authentication process, keep it at hand when logging in to your UpCloud Control Panel and rest assured your account is secure. While it’s possible to install an authenticator application on your computer, it’s not advised for security reasons as the authenticator should be kept physically separate from the device you are using to log into your UpCloud Control Panel.
The 2FA at UpCloud utilizes a Time-based One-time Password algorithm, this means the code in the authenticator application is time sensitive and keeps changing every 30 seconds. Being time-based means only the code currently displaying in the application will work, the codes cannot be written down to be used at a later time. For the timed codes to work your smartphone must be able to keep it’s clock synchronised which most devices do by default, if you are having difficulties with the codes not working, check that the time and date on your phone is correct.