Securing Your #Mastodon Account: Enable #2FA

If you haven't encountered two-factor, or multi-factor, authentication, you're missing out on an easy, if tedious, way of securing your online accounts. 2FA (or MFA) has been around for a while. If you're just kicking off your Mastodon account, you might want to take advantage of 2FA and turn it on. This ensures that even if someone gets your username and password, they still won't be able to get in, because they lack your phone.

  • Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access something.
  • The first factor is a password and the second commonly includes a text with a code sent to your smartphone, or biometrics using your fingerprint, face, or retina.
  • While 2FA does improve security, it is not foolproof. (source)

To get started in using 2FA, you'll first need to get an Authenticator app that runs on your device. Here are some options:

There are others (read about them here) you can use, but those are two worth using. I rely on Google Authenticator but wish I'd used 2FAS. I may switch in the future since it has encrypted backup which is nice.

Enable 2FA In Mastodon

Then, open Mastodon in a web browser (preferably on your desktop/laptop) and go into your Preferences. Select ACCOUNT, then Two-factor Auth. You can see what it looks like below, although you can probably tell I've turned mine on already:

Once you have scanned the QR code this page creates for you with your Authenticator app, you'll be set to go. Be sure to save the recovery codes that will flash on the screen in a safe place, just in case.

When you're done, you will get an email that looks similar to this:

Of course, you can use your Authenticator app for lots of different online logins. I encourage you to do so and safeguard your online spaces.

