Two-factor authentication is now available!

For the past month, we’ve been testing support for two-factor authentication for user accounts, and are happy to announce that it’s ready!

Two-factor authentication adds a layer of security to your accounts by requiring that you have your mobile device (cell phone or tablet) with you when logging in. Any time you log into RBCommons, a temporary token code will be sent to your device over text message, or generated by a token generator app.

This token code will be required alongside your username and password. If a malicious hacker tries to log into your account, they’ll need your mobile device or they’ll be out of luck. So keep that safe!

 

Enabling two-factor authentication

It only takes a minute to enable two-factor authentication on your account. Simply:

  1. Go to your My Account page and click “Authentication” on the left.
  2. Click “Enable two-factor authentication” on the right.
  3. Choose whether to use a token generator app, like Google Authenticator (recommended), or to receive text messages on your cell number (carrier rates may apply).
  4. Depending on your choice, you’ll receive a simple set of instructions for getting set up.

You’ll receive your first generated token, which will be used to verify that everything was set up correctly.

After you enable two-factor authentication, you’ll have the opportunity to set a secondary phone number to use in case you lose your primary mobile device or app settings. We highly recommend that you do this, especially if you’re using a token generator app.

 

Download your backup tokens!

If you’re ever locked out of your account due to a lost or broken phone or tablet, you’ll need a backup token to get back in. These are a pre-generated set of token codes that you can use when logging in.

After you enable two-factor authentication, click “View Backup Tokens.” You may have to verify your password and auth token the first time. Then, follow the instructions to generate your set of backup tokens.

Make sure you save these somewhere safe!

 

Upgrade RBTools

You’ll need a modern version of RBTools.

If you’re running 0.5.3 or higher, you’re fine, and will receive an authentication token the next time you have to log in through RBTools.

If you’re running an older version, it’s time to upgrade! We’re continually making improvements to RBTools. Speaking of that, watch this space for a new, major RBTools release announcement, coming soon!

Christian Hammond

President/CEO of Beanbag. Developer of Review Board and RBCommons. Lover of sushi and bees. Not at the same time.