What is Multifactor Authentication?
Authentication is the fancy word for what happens when you log in to a website. Normally, after you identify yourself with your username or email address, the website asks for one piece of information to authenticate you which is your password.
Multifactor Authentication takes this to another level and asks for one or more additional pieces of information to successfully authenticate you. Usually, these extra factors go beyond just something you know (such as a password) and use something you have (like an ID card) or something you are (your fingerprint or a retinal scan, perhaps). Without all the required factors, you won't be able to log in to the website.
Why would I want Multifactor Authentication?
As of November 2021, DreamHost email service does not support Multifactor Authentication (MFA).
Requiring these different kinds of factors for authentication makes it much harder for people to pretend to be you. Not only do they need to figure out your password, they also need to steal your ID card or fake your fingerprint. Accounts protected with Multifactor Authentication are usually much safer than those protected with only a password. In short, Multifactor Authentication can help combat fraud and protect you.
What types of Multifactor Authentication can I use with the DreamHost web panel?
DreamHost supports using the following options:
- One-time passcodes generated with the Google Authenticator app. This app must be installed on your smartphone or mobile device.
- YubiKey, which is a hardware token that plugs into a USB slot and types out a passcode.
What if I don't have a smartphone or other mobile device?
You must purchase a YubiKey instead.
Doesn't remembering a computer defeat the purpose of Multifactor Authentication?
Not really. When you choose to remember a computer, you haven't disabled Multifactor Authentication, you've just told the server that a particular computer can be used as the second form of authentication rather than a one-time passcode.
The purpose of Multifactor Authentication is to make it harder for someone to steal all the information needed to log in to your account. On public computers, such as those at a library or Internet café, you don't know if it has a keylogger installed that's saving your username and password. If you are required to enter your one-time passcode on that computer, other people still cannot log in to your account even if they've stolen your username and password.
On the other hand, if you're sitting safely at home and using the computer you had DreamHost remember, and then get tricked into giving your username and password to a phishing site who intends to misuse that information, the phishers won't be able to log in to your account because their computer isn't remembered and they still need to use a one-time password.
How do I enable this feature?
View the following article for instructions on enabling this feature: