Two years ago, I set up two factor authentication for my gmail account. Last year, github announced support for two factor. I hadn’t noticed at the time. Today, I logged on to change my password since github was in the list of applications affected by Heartbleed and saw the option.
How it works
Github gives you a choice of second factor
- Google Authenticator mobile application (I already had the iPad app installed for gmail so this was convenient)
- text to mobile phone (I have this set as secondary)
- written down one time use passwords (kept as tertiary)
Linking the mobile app to github
- Open the mobile app
- Click “edit” pencil
- Click “+” to add an account.
- On your computer, go to your github account settings and click to enable two factor. You will be given a QR code to scan which automatically links the two. There is also the option of typing in a long text code.
That’s it. Now Google Authenticator generates two numeric codes. One for gmail and one for github.
Actually using two factor
Unlike gmail, you probably don’t usually sign on to github using the browser. Let’s look at three ways of signing in.
Through the browser
- I immediately logged out in the browser.
- Enter my password to sign back in
- Enter my two factor code
Through the github Mac app
- Github > Github preferences
- Click sign out
- Enter my username/password to sign back in
- Enter my two factor code
Through the command line
- On the account settings page, create a new personal token
- Leave the default privileges checked. (It’s great there is this much control)
- git credential-osxkeychain erase
- git pull (or any other operation that requires a network call to github)
- Enter your user id
- Enter your new generated token (not your password)
As you might expect, the account settings page shows which apps have access. I saw “GitHub for Mac” and “GitHub for Windows” on there. My first thought was “I don’t use Windows.” Then I remembered that I use git to communicate between my Mac and Windows VM.
I also had to update my web service code to call the two factor version.
If you haven’t already, please change your passwords for sites in this list. Enabling two factor will protect you in the future. Also change your passwords for any sites which use the same password as one of those in the list.
I have 2 factor authentication set up on my gmail. Needless to say signing on with my id was not the first thing I did with the Chromebook! But now that I’m content that easy things are easy, it is time to try something hard. [turned out not to be hard at all]
I’ll be back with the getting started with the chromebook series. 2factor isn’t something most people have set up so I’m posting this one standalone.
Step 1 – Add a user
Click the “Add user” button in the lower left. It requires network access for this. I was worried I’d have to re-enable wifi, but it lets you click Verizon for the network and activate over 3g. It is only the initial user that requires wifi.
Step 2 – Sign on with password
This is where I was expecting trouble. I typed in my password. When I enter my password in gmail, I get prompted for another code (my 2 factor code.) I was thrilled when the chromebook prompted me for the 2 factor code. This is great! I can log on to the chromebook using two factor just as easily as I can log on to gmail using 2factor. Good job!
I was expecting my fallback to be logging onto the Chromebook as a guest and then using two factor normally from the browser.
Don’t want someone else sending e-mail as you? Don’t want someone reading your e-mail? Don’t want your email hacked? Then why do you only protect your e-mail with a flimsy (or not so flimsy) password?
It’s scary what someone could do with your e-mail. Luckily, Google has been offering 2-factor authentication for over a year.
How it works
When you turn on 2 factor, Google asks you what options you’d like to turn on as a secondary authentication channel. I use the following (in order of preference):
- Google Authenticator iPad application
- phone call to mobile phone
- text to mobile phone
- written down one time use passwords
Security is more work than being non-secure. That’s why my password isn’t “jeanne”. It’s one that I have to actually remember. When I first turned this on, there was less than an hour of initial inconvenience. Which consisted of:
- reading about 2 factor
- turning on 2 factor
- entering the second code for the three devices on which I regularly use gmail
- creating a “one application only” password for the apps that use google sign on but don’t support two factor
How to turn on 2 factor
A funny story
A few months ago, I moved and didn’t have the internet at home for over a week. I was using my wifi iPad for the internet for the most part. One day I needed to do something that required a real browser. My employer bans gmail so I went to the library “to check my e-mail.” I signed up for a computer spot at the library using my library card. I log on to gmail and get prompted for a second factor. Dang. I didn’t bring my iPad or one time use passwords to the library and there is no cell phone reception to get the code the other ways. And if I get up, someone could take my computer spot. It worked out ok, I asked someone to watch my spot and ran outside to get reception and get the code. It’s more secure though!
I’m happy with 2 factor. It’s such a minor inconvenience to have it on that it is more than worth the extra security on my account.