With the growth and adoption of Cloud-A’s infrastructure services around the world, having thousands of active projects, and twice that number of active users — our responsibility to provide a secure entry point into the services that store your application’s private data, that help run your businesses day-to-day, is greater than ever. With online threats growing, more advanced phishing techniques, and identity theft, ensuring secure access to any service becomes difficult. It doesn’t matter how long or complex your password is, your account is at risk of being breached if it were to somehow fall into the wrong hands.
To this end, we are very pleased to announce the general availability of two-factor authentication for Cloud-A accounts. Our development team had been working on building an OTP solution into Keystone, our authentication service, and released it into beta late last year. After months of end-user testing, and security auditing by third parties, we are enabling the feature for all users.
Two-factor authentication, or 2FA, by its definition allows you to secure your account via a second “factor” rather than just a password. Because passwords can be read or stolen, and are a single piece of information that any malicious person needs to access your account, a second factor called One Time Passwords or OTP are used and linked to a physical device that is on your person — so you know that the person logging in is truly you. This added security will thwart would-be attackers even if they know your account password.
2FA for Cloud-A allows you enable 2FA from within your Cloud-A Account Settings in the client portal. This will generate your private key and show you your QR code and recovery codes, as well as provide you with a quick OTP test mechanism to confirm your settings. Once enabled, you can use our 2FA with any Google Authenticator compatible mobile application. We highly recommend FreeOTP for managing your OTP credentials. It is free, secure, standards-compliant, and open source. The app is available for download on Google Play for Android, as well as the App Store for iOS devices.
As previously noted, Cloud-A’s 2FA architecture is built into Keystone, meaning that two-factor authentication is available at both the web dashboard level and also at the API layer. The result is a completely new architecture, and new way to approach OpenStack authentication. We hope that this not only shows our commitment to on-going product development for our customers, but our commitment to the OpenStack project as a whole.
Users will not be forced to enable OTP on their accounts, however we highly recommend setting it up. You can read more information on the configuration process in our documentation portal. Taking a few minutes to enable this feature on your account could mean the difference between an adversary accessing your account and gaining access to your cloud infrastructure, and stopping them right at the door.
If you have any questions or concerns about configuring 2FA on your account, we’d love to hear from you! You can reach our support team quickly and easily by emailing firstname.lastname@example.org.