Two-Factor Authentication

Tagged in
- security

Two-factor authentication provides the best possible protection for your account.

With two-factor authentication enabled, you enter your password and a secure code generated by your mobile device. Stealing your password is not enough for an attacker to gain access to your Exoscale account.

This method combines the security of something you know (your password) and something you have (your mobile device that generates secure codes).

Set up

From the top Account dropdown menu, go to Account Details and then click on the Password and Security tab.

click on Set up two-factor verification.
Enter your account password
Scan the QR code with your device’s authenticator app, or enter the code in the app
Your app will give you another code to enter in the form - enter the code and click on submit
You will be presented with a confirmation window and a set of backup codes
Make sure to save your backup codes

If you do not have an authenticator app yet, here are a few possibilities:

FreeOTP for Android.
Duo Mobile for Android and iOS.
OATH Toolkit (with oathtool --totp -b yoursecret) for Linux/BSD/macOS.

Implications

!!Note When you have two-factor authentication enabled, it is vitally important to remember: * to keep your authenticator app up to date * to safely store of your TOTP secret * to the safely store your backup codes

If your authenticator app is lost, you can access your account and reset your two-factor authentication with the backup codes we provide on the initial setup.

If you have no backup codes and you are locked out of your account, you can contact our Support team as a last resort, but our ability to assist you might be limited.

At Exoscale we take your account security extremely seriously. We will need to authenticate your identity with a high degree of confidence. Please note that you might have to provide additional identification.

Please load your public SSH key to your account.

If an RSA public key is registered in your private account, we will send you the digest of a challenge, which you can sign with your private key. We can use the public key registered on your account to verify the signed digest and reset the account.

Please save a phone number on your account.

If a phone number is registered on the account, we will send a challenge to the phone number and act on the request if the correct challenge is sent back to us in the account reset request.

If those methods are unavailable or fail, there will be no action on our side. Unfortunately, you will be not able to access your account.