1. Tutorials

Secure Your Online Accounts With 2FA And Open Source

Two-Factor Authentication or Multiple Factor Authentication, is the process of using two or more ways of proving identity to online services rather than just using the password alone (password = 1 factor, password + mobile code = 2 factors… And so on). It is a security measure designed to prevent attackers from gaining access to online accounts even if the accounts’ passwords fall to their hands.

Most mainstream online services do support two-factor authentication today, though not all of them. Such as Google, Facebook, Twitter and basically all banking and critical services online support it too.

Most users sadly use Google Authenticator for two-factor authentication, and they think that it is the only solution in the market. But that’s not true.

Today, we’ll introduce the remarkable FreeOTP application for you and how to use it to enable 2-factor authentication.

FreeOTP: An Open Source Alternative to Google Authenticator

FreeOTP is a %100 free and open source mobile authentication application published under the Apache 2.0 license. Developed by the famous enterprise open source software maker Red Hat; Making it a far way more trusted than any solution coming from companies like Google.

The program, just like any other authenticator app, allows you to scan a QR code when you activate two-factor authentication on websites, and then it starts to automatically generate security codes each 30 seconds. When you want to login to your 2FA-secured account, you just have to enter the code currently shown on the app.

The program works on android and iOS devices, and it is also available in the F-droid store for android users who do not wish to use any of Google’s services. It is also worthy to mention that the source code of all applications is available and published on GitHub.

Download it on your phone before you continue.

Enabling Two-Factor Authentication

The position of two-factor authentication activation checkbox is different depending on the online website/platform you are talking about, but can generally be found under the “Account” or “Security” tabs in your settings.

For Twitter for example, it is found under Account –> Security:

It will ask you to scan the QR code, use the FreeOTP application on phone to scan it:

And then it will give you something known as a “backup code”. It is very important that you store this code and keep it somewhere safe; Because if you lose your phone for example or in case of an absent Internet connection, you won’t be able to access your account:

The best way to keep it safe is to print it on a paper and store it somewhere near you.

Now you are all set! The next time you try to login to your Twitter account, the website will ask you for a security code from FreeOTP after you confirm your password.

You can apply the same procedure similarly on the other websites.

The Bottom Line

Two-factor authentication is a very important method to secure the online accounts you care for on the Internet. Using the password alone to keep your most important and critical accounts safe is not wise these days, especially with the huge number of data breaches (Where some of them are storing passwords in plain text, looking at you Facebook!).

FreeOTP contains everything essential to allow you to enjoy the two-factor authentication technology with open source; No proprietary code, no data tracking and no spyware involved.

Sadly the adaption of two-factor authentication is still absent in the awareness of most users; The average Tom thinks that it is perfectly fine to just depend on the password factor alone to secure his bank account, which is a disaster if happened. It would be nice if you – as a reader – could share this information with other people and tell them how important 2FA is for their online accounts security.

.
guest
0 Comments
Inline Feedbacks
View all comments

Subscribe for $5

Instead of using your adblocker, join us now on Patreon to unlock a complete ad-free experience + access to private FOSS Post forum where many internals are discussed.

Ad

Email Newsletter

.