Why use 2-Step Verification
We all have passwords for e-mail, social networks or even log into our operating systems. Ubuntu is no exception, and we will need to enter a password when accessing it.
We can say that it is main barrier to avoid invading our accounts. If we use a strong and complex password containing letters (upper and lower case), numbers, and other special characters besides a random and long enough one, we can say that it is safe and no one can access it.
However, sometimes there can be leaks, we can become victims of phishing attacks, keyloggers and other threats that can steal our passwords. Thus, an attacker can log into our account. To avoid this, two-step verification comes into play.
What’s happened 2-step authentication or 2FA? This basically means that we will need to enter the second code, complete the second step, to log in. Thus, if an attacker knows our password, he will not be able to gain access without this second step.
Use 2-Step Verification on Ubuntu
Ubuntu is undoubtedly one of the most used Linux distribution. It offers a wide range of options, and we can also use 2-Step Verification to add an extra layer of security to our account and avoid hassles.
For this we need a couple of things: one of them is to install dependencies and Google Authenticator in our system and the other is to use a 2FA compatible Google Authenticator program on our mobile phone. Here we will get the codes that we will need to enter when entering the system.
So the first step would be install Google Authenticator in our system. To do this, you need to go to the Ubuntu terminal and run the following command:
sudo apt install libpam-google-authenticator
During the installation process, which is quick and easy, it will ask us a series of questions, which we must always answer in the affirmative in order to set it up correctly.
Later we have to execute Google authenticator to set up correctly and get the keys we are going to use. We will need to associate it with the application that we are going to use on the mobile phone. In addition, a number of questions will appear again, to which we will have to answer in the affirmative.
After completing these steps, we will install everything needed. Now we just need to enable 2-Step Verification in Ubuntu so that it prompts us for this second code when we log in. In this case, we will need to execute the command sudo nano /etc/pam.d/lightdm to get the config file and add the line later
authorization required pam_google_authenticator.so nullok …
The next step is to save this file and reboot the system. From now on, we will have Ubuntu configured to request 2FA at login time.
Keep in mind that we will always must we have our mobile phone and the Google Authenticator client is correctly installed and available. Otherwise, we would not be able to log into Ubuntu. Of course, this will only happen if the operating system is configured to prompt for a password upon login and is configured to start automatically without the need for a password.
In short, as we can see, it is a simple process and we can make Ubuntu more secure from potential intruders. For example, it is a very useful measure to prevent losing your computer. This means that anyone can access the system using brute force and thus guess the password. In short, another way to save our data.