Securing Your #Mastodon Account: Enable #2FA
If you haven't encountered two-factor, or multi-factor, authentication, you're missing out on an easy, if tedious, way of securing your online accounts. Using 2FA or MFA has been around for awhile. If you're just kicking off your Mastodon account, you might want to take advantage of 2FA and turn it on. This ensures that even if someone gets your username and password, they still won't be able to get in because they lack your phone.
- Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access something.
- The first factor is a password and the second commonly includes a text with a code sent to your smartphone, or biometrics using your fingerprint, face, or retina.
- While 2FA does improve security, it is not foolproof. (source)
To get started in using 2FA, you'll first need to get an Authenticator app that runs on your device. Here are some options:
Enable 2FA In Mastodon
Then, go into your Mastodon preference while in a web browser (preferably you desktop/laptop) and open up your Preferences. You'll select ACCOUNT, then Two-factor Auth. You can see what it looks like below, although you can probably see I've turned mine on already:
Once you have scanned the QR code this page will create for you using your Authenticator app, you'll be set to go. Be sure to save the recovery codes that will flash on the screen in a safe place just in case.
When you're done, you will get an email that looks similar to this:
Of course, you can use your Authenticator app for lots of different online logins. I encourage you to do so and safeguard your online spaces.