The Google Authenticator app was chosen because it's free and widely available on Android, iOS/Apple, BlackBerry, or Windows mobile devices, and other third party APIs/Apps. For example:
Full details of Google’s security method and implementations can be found here:
Google Authenticator is particularly useful with mobile tablets/phones with a cellular or Internet connection. In the event of a lost or disconnected mobile device, Google Authenticator also provides a list of non-expiring backup codes (during the initial configuration) that can be used. Outside of the Google Authenticator app, SMS text message or voice calls can be used to obtain the 2nd layer code.
Getting the Google Authenticator App
Before you can enable Multifactor Authentication on your DreamHost account, you'll need to install the Google Authenticator app on your smartphone or tablet device.
If you already have the Google Authenticator app on your smartphone or tablet device, you just need to click the "+" in the lower right corner (iOS) or open the settings for the app and click "Add account" (Android). Then proceed to the next section of this walkthrough.
Google's official documentation on downloading and installing the app can be found here:
The app can be downloaded from your device's App Store (or use Google's direct link for BlackBerry):
- Android devices: Google Play
- iPhone, iPad, or iPod Touch: iTunes App Store
- BlackBerry devices: Google Authenticator Download (visit from your BlackBerry device)
- Windows Phone: Microsoft Authenticator (Official Microsoft App), Authenticator+ (Third Party Open Source)
Enabling MFA in the panel for Google Authenticator
- Navigate to the (Panel > ‘Billing & Account’ > ‘Security’) page.
- The second section on that page is titled 'Multifactor Authentication':
- Current Password: Enter your DreamHost account password.
- Multifactor Authentication Type: Click the dropdown menu to choose which of the two Google methods you’d like to use:
- - Google Authenticator, Time-Based (recommended)
- - Google Authenticator, Counter-Based
DreamHost recommends time-based one-time passcodes. Time-based codes provide better protection against phishing and keyloggers since each code is only valid for a short amount of time. Time-based codes also automatically stay in sync with DreamHost’s servers, as opposed to counter-based codes which require manual syncing.
- If you use counter-based codes, you will need to press the refresh button next to the code in the Google Authenticator App each time you use it to advance it to the next code.
- Click the Get Started button.
- You will now see a QR Code and a 16-digit secret key that you will need to activate Multifactor Authentication:
- Use the Google Authenticator app to scan the QR code.
- If your device does not have a camera, you can instead enter the 16-digit secret key shown below the QR code into the app manually.
- If you have more than one device running Google Authenticator, scan the QR code or enter the key on every device that you want to use with your DreamHost account.
- When the Google Authenticator app displays a 6-digit passcode, enter it in the passcode field.
- If you are using counter-based codes, you may need to press the refresh button to display the first code.
- Click the Activate! button and DreamHost’s server is synced to your device.
- You then see a ‘Success!’ confirmation box appear:
- Save the backup codes presented in the ‘Success!’ dialog box. If you suspect your account may be compromised (for example if you have lost your phone or mobile device), and you're using Google Authenticator, you can use the Regenerate Key button to invalidate the old key and create a new one.
- If you are backing up an iPhone to your local computer, select 'Encrypt iPhone Backup' to also back up the Google Authenticator's account(s). Otherwise, Google Authenticator won't have any accounts associated with it when it's restored.
What if I need a new phone?
If you are buying a new phone, make sure to DISABLE Multifactor Authentication in your panel. You can do this on the (Panel > 'Billing & Account' > 'Security') page. Under the Multifactor Authentication section, enter your password and click the disable button.
When you have your new phone, log back into your panel and set it up again as shown above.