Strengthen Your Account Security with Divio's New Two-Factor Authentication (2FA)

Divio is taking your account security to the next level with Two-Factor Authentication (2FA) for password users! This marks a significant step in our ongoing efforts to enhance security for your accounts.

Lucy Linder

Team Lead Site Reliability Engineer

Why 2FA?

While passwords are a crucial first step, adding 2FA greatly enhances your account security. Passwords can be leaked, guessed, or compromised, and following security best practices is easier said than done. Two-Factor Authentication (2FA) adds an essential extra layer of protection by requiring not just what you know (your password) but also what you have (the device that generates your OTP).

How It Works: OTP (One-Time Passwords)

Our 2FA uses widely trusted time-based codes (TOTP), compatible with leading authenticator apps like Google Authenticator and Authy. Here's a quick breakdown:

  1. When you enable 2FA, the system generates a secret key (seed) for your account.

  2. This seed is securely shared with your authenticator app (such as Google Authenticator, Microsoft Authenticator, or Authy) via a QR code.

  3. Your authenticator app generates a unique six-digit code every 30 seconds, based on the seed and the current time, using an HMAC keyed with the seed and built on the SHA-1 hash function. This code is called an OTP, short for One-Time Password.

  4. When logging in, you’ll first enter your password and then be prompted for the current OTP.

This way, even if your password is compromised, you don’t need to worry: an attacker who has only your password cannot log in, because 2FA also requires the current OTP from your device.
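The TOTP computation from the steps above, as an added example written for this post rather than Divio's own code. It uses only the Python standard library; the seed is the RFC 6238 reference secret, Base32-encoded as an authenticator app would receive it from the QR code, and `verify_totp` is a hypothetical server-side check that shows the clock-drift window and constant-time comparison a verifier needs.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample seed: the RFC 6238 reference secret ("12345678901234567890"
# in ASCII), Base32-encoded as it would be embedded in the enrolment QR code.
SAMPLE_SEED_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then
    dynamic truncation to a 31-bit integer, reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of 30-second steps since
    the Unix epoch, so both app and server derive the same code from the seed."""
    padded = seed_b32.upper() + "=" * (-len(seed_b32) % 8)  # restore Base32 padding
    return hotp(base64.b32decode(padded), unix_time // step, digits)


def current_code(seed_b32: str) -> str:
    """What the authenticator app displays right now."""
    return totp(seed_b32, int(time.time()))


def verify_totp(seed_b32: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Hypothetical server-side check: accept the current step and up to `window`
    adjacent steps to tolerate small clock drift between phone and server, and
    compare in constant time so the check leaks nothing about the expected code.
    A real verifier must also record the accepted step so a code cannot be replayed."""
    for delta in range(-window, window + 1):
        expected = totp(seed_b32, unix_time + delta * 30)
        if hmac.compare_digest(expected, submitted):
            return True
    return False
```

The values checked below are the SHA-1 test vectors from RFC 6238, truncated to six digits.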

How to Set Up 2FA

Before starting, make sure you have an authenticator app installed on your smartphone, such as Google Authenticator, Authy, or Microsoft Authenticator. They should be available on your app store.

  1. Log in to the Control Panel.

  2. Navigate to Security Settings: click your user icon at the top right of the screen, open the "Security" section, and click the brand new "Add 2FA Device" button.

  3. Follow the prompts: Scan the QR code that appears using your authenticator app. Your app will then generate a six-digit code. Enter this code in the input field to complete the setup.

  4. Download your recovery codes: Once 2FA is enabled, a button will appear in the Settings to download your recovery codes. These codes are your lifeline if you lose access to your authenticator app, so store them securely in a safe location. Keep reading for more details.

That’s it! Your account is now protected with an added layer of security. Next time you log in, have your smartphone ready.

What If You Lose Your Device?

Don’t worry if you lose access to your device. Recovery codes are here to help you regain access swiftly and securely. Each code can only be used once, so think of them as single-use keys for emergencies.

If you lose access to your authenticator app, you can use a recovery code to log in and reset your 2FA setup. And if you forget your password entirely, the usual "Forgot Password" flow will still work, and you will be able to set a new 2FA device.

SSO Users

For SSO users, your identity provider should already handle 2FA and is responsible for ensuring robust account protection.