Enabling two-factor authentication with TOTP or MOTP.

Configuring Two-Factor Authentication

Two-Factor authentication is highly recommended as a security precaution against unauthorized access to your account. Blesta supports both MOTP and TOTP. The following mobile applications are recommended for Android and iOS, respectively, and many others are supported as well.

For Android

  1. Android Token - http://code.google.com/p/androidtoken/
  2. Google Authenticator - https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

For iOS (iPhone, iPad)

  1. OATH Token - http://itunes.apple.com/us/app/oath-token/id364017137?mt=8
  2. Google Authenticator - https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

Note: Google Authenticator

As of Blesta 3.1, a QR code may be scanned from Google Authenticator to set it up. If you are running an earlier version of Blesta, continue reading.

Using Google Authenticator with Blesta is pretty straightforward, but requires a little manipulation to get the key in the correct format. Blesta expects TOTP keys to be in hexadecimal format (base16), but Google Authenticator uses base32. So we have to convert our Google Authenticator keys into hexadecimal before storing them in Blesta.

There are a number of online utilities to perform this operation. Here’s one: http://www.darkfader.net/toolbox/convert/.

As an example, “PEHMPSDNLXIOG65U” (in base32) becomes “790ec7c86d5dd0e37bb4” in hexadecimal. Simply select Time-based One Time Password as the two-factor authentication method in Blesta, then enter the converted (hexadecimal) value and you’re good to go.

For YubiKey

  1. For instructions on setting up your YubiKey to generate TOTP tokens, visit http://www.yubico.com/totp
  2. If you follow the instructions provided by Yubico, you will need to convert your Google secret key from base32 into hexadecimal (base16) format before adding it to Blesta. Instructions on doing that are provided in the note above.
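
The base32-to-hexadecimal conversion needed for Google Authenticator and YubiKey keys can also be done locally, so the shared secret is never pasted into a third-party web page. The Python script below is an added example, not part of Blesta; its function names are illustrative, and the `totp` check assumes the Google Authenticator defaults of HMAC-SHA-1, 6 digits and a 30-second step.

```python
import base64
import binascii
import getpass
import hashlib
import hmac
import struct
import time


def base32_to_hex(secret_b32):
    """Convert a base32 authenticator key to the lowercase hex form Blesta expects."""
    # Apps display keys in spaced or dashed groups, sometimes in lowercase.
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper().rstrip("=")
    if not cleaned:
        raise ValueError("empty key")
    # b32decode needs a multiple of 8 characters; restore any stripped padding.
    cleaned += "=" * (-len(cleaned) % 8)
    try:
        return base64.b32decode(cleaned).hex()
    except binascii.Error:
        # Do not echo the key itself in the error message.
        raise ValueError("key is not valid base32") from None


def totp(hex_key, at=None, digits=6, step=30):
    """RFC 6238 code for a hex key (assumed: HMAC-SHA-1, 6 digits, 30 s step)."""
    key = bytes.fromhex(hex_key)
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # getpass keeps the key out of shell history and off the screen.
    hex_key = base32_to_hex(getpass.getpass("Base32 key: "))
    print("Hex key for Blesta:", hex_key)
    print("Current code (should match the app):", totp(hex_key))
```

If the printed code matches what the authenticator app shows at the same moment, the hexadecimal key was converted correctly and can be entered in Blesta.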

To set up Two-Factor Authentication, visit the "My Info" link at the top of any staff page.

If you have access to add additional Staff, you can set up Two-Factor Authentication at account creation under [Settings] > [System Settings] > Staff.