How to enable two-factor authentication on Google. How to log into your account using Yandex.Key


Attention. Applications developed by Yandex require a one-time password; even correctly created application passwords will not work.

  1. Login using QR code
  2. Transfer of Yandex.Key
  3. Master password

Login to a Yandex service or application

You can enter a one-time password in any form of authorization on Yandex or in applications developed by Yandex.

Note.

You must enter the one-time password while it is displayed in the application. If there is too little time left before the update, just wait for the new password.

To get a one-time password, launch Yandex.Key and enter the PIN code that you specified when setting up two-factor authentication. The application will start generating passwords every 30 seconds.

Yandex.Key does not check the PIN code you enter and generates one-time passwords even if you entered your PIN incorrectly. In this case, the generated passwords are also incorrect and you will not be able to log in with them. To enter the correct PIN, just exit the application and launch it again.

Features of one-time passwords:

Login using QR code

Some services (for example, the Yandex home page, Passport and Mail) allow you to log into Yandex by simply pointing the camera at the QR code. In this case, your mobile device must be connected to the Internet so that Yandex.Key can contact the authorization server.

    Click on the QR code icon in your browser.

    If there is no such icon in the login form, this service can only be logged into with a password. In this case, you can log in using the QR code in Passport and then go to the service you need.

    Enter your PIN code in Yandex.Key and click Login using QR code.

    Point your device's camera at the QR code displayed in the browser.

Yandex.Key will recognize the QR code and send your login and one-time password to Yandex.Passport. If they pass verification, you are automatically logged in to the browser. If the transmitted password is incorrect (for example, because you entered the PIN code incorrectly in Yandex.Key), the browser will show the standard message about a wrong password.

Logging in with a Yandex account to a third-party application or website

Applications or sites that need access to your data on Yandex sometimes require you to enter a password to log into your account. In such cases, one-time passwords will not work - you need to create a separate application password for each such application.

Attention. Only one-time passwords work in Yandex applications and services. Even if you create an application password, for example, for Yandex.Disk, you will not be able to log in with it.

Transfer of Yandex.Key

You can transfer the generation of one-time passwords to another device, or configure Yandex.Key on several devices at the same time. To do this, open the Access Control page and click the "Replacing the device" button.

Several accounts in Yandex.Key

The same Yandex.Key can be used for several accounts with one-time passwords. To add another account to the application, when setting up one-time passwords in step 3, click the icon in the application. In addition, you can add password generation to Yandex.Key for other services that support such two-factor authentication. Instructions for the most popular services are given on the page about creating verification codes not for Yandex.

To remove an account link to Yandex.Key, press and hold the corresponding portrait in the application until a cross appears to the right of it. When you click on the cross, the account linking to Yandex.Key will be deleted.

Attention. If you delete an account for which one-time passwords are enabled, you will not be able to obtain a one-time password to log into Yandex. In this case, it will be necessary to restore access.

Fingerprint instead of PIN code

A fingerprint can be used instead of a PIN code on the following devices:

    smartphones running Android 6.0 with a fingerprint scanner;

    iPhone starting from model 5s;

    iPad starting with Air 2.

Note.

On iOS smartphones and tablets, the fingerprint can be bypassed by entering the device password. To protect against this, enable a master password or change the password to a more complex one: open the Settings app and select Touch ID & Passcode.

To enable fingerprint verification:

Master password

To further protect your one-time passwords, create a master password: → Master Password.

With a master password you can:

    make it so that instead of a fingerprint, you can only enter the Yandex.Key master password, and not the device lock code;

Backup copy of Yandex.Key data

You can create a backup copy of the Key data on the Yandex server so that you can restore it if you lose your phone or tablet with the application. The data of all accounts added to the Key at the time the copy was created is copied to the server. You cannot create more than one backup copy; each subsequent copy of data for a specific phone number replaces the previous one.

To retrieve data from a backup, you need to:

    have access to the phone number that you specified when creating it;

    remember the password you set to encrypt the backup.

Attention. The backup copy contains only the logins and secrets necessary to generate one-time passwords. You must remember the PIN code that you set when you enabled one-time passwords on Yandex.

It is not yet possible to delete a backup copy from the Yandex server. It will be deleted automatically if you do not use it within a year after creation.

Creating a Backup

    Select Create a backup in the application settings.

    Enter the phone number to which the backup will be linked (for example, "380123456789") and click Next.

    Yandex will send a confirmation code to the entered phone number. Once you receive the code, enter it in the application.

    Create a password that will encrypt the backup copy of your data. This password cannot be recovered, so make sure you don't forget or lose it.

    Enter the password you created twice and click Finish. Yandex.Key will encrypt the backup copy, send it to the Yandex server and notify you.

Restoring from a backup

    Select Restore from backup in the application settings.

    Enter the phone number you used when creating the backup (for example, "380123456789") and click Next.

    If a backup copy of the Key data is found for the specified number, Yandex will send a confirmation code to this phone number. Once you receive the code, enter it in the application.

    Make sure the date and time the backup was created, as well as the device name, match the backup you want to use. Then click the Restore button.

    Enter the password you set when creating the backup. If you don't remember it, unfortunately, it will be impossible to decrypt the backup.

    Yandex.Key will decrypt the backup data and notify you that the data has been restored.

How one-time passwords depend on precise time

When generating one-time passwords, Yandex.Key takes into account the current time and time zone set on the device. When an Internet connection is available, the Key also requests the exact time from the server: if the time on the device is set incorrectly, the application will adjust for it. But in some situations, even after the correction and with the correct PIN code, the one-time password will be incorrect.

If you are sure that you are entering your PIN code and password correctly, but you cannot log in:

    Make sure your device is set to the correct time and time zone. After that, try logging in with a new one-time password.

    Connect your device to the Internet so that Yandex.Key can get the exact time on its own. Then restart the application and try entering a new one-time password.
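
The time dependence described above, as an added example (not Yandex's code and not part of the original page). It uses the standard RFC 6238 TOTP algorithm as a stand-in, because the page does not give Yandex.Key's own algorithm; the secret and timestamps are the RFC test values, and the function names and the one-step acceptance window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a code stays valid; the interval the page states

# Constructed sample data: the published RFC 6238 test secret and test time.
SECRET = b"12345678901234567890"
SERVER_TIME = 1111111109  # 29 seconds into its 30-second step


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: the counter is the number of whole STEPs since the epoch."""
    return hotp(secret, int(unix_time) // STEP)


def seconds_left(unix_time: int) -> int:
    """Seconds until the displayed code is replaced by the next one."""
    return STEP - int(unix_time) % STEP


def verify(secret, submitted, server_time, window=1, last_step=None):
    """Server-side check (hypothetical helper).

    Accepts a code from `window` steps either side of the server's own step,
    which tolerates a device clock that is off by up to window * STEP seconds.
    A wider window keeps each code valid for longer, so keep it small.
    `last_step` is the step of the last accepted code; codes for that step or
    earlier are refused so an observed code cannot be replayed.
    Returns the matching step offset, or None if the code is rejected.
    """
    current = int(server_time) // STEP
    matched = None
    for offset in range(-window, window + 1):
        step = current + offset
        if step < 0 or (last_step is not None and step <= last_step):
            continue
        candidate = hotp(secret, step)
        # Constant-time comparison; the loop does not exit early on a match.
        if hmac.compare_digest(candidate.encode(), submitted.encode()):
            matched = offset
    return matched


def drift_report(secret, server_time, drifts, window=1):
    """For each device clock error (seconds), report how the server sees it."""
    return {
        drift: verify(secret, totp(secret, server_time + drift),
                      server_time, window)
        for drift in drifts
    }


if __name__ == "__main__":
    print("code shown on a correct clock:", totp(SECRET, SERVER_TIME))
    print("seconds until it changes:", seconds_left(SERVER_TIME))
    for drift, result in drift_report(SECRET, SERVER_TIME,
                                      [0, 2, -30, 90]).items():
        verdict = "rejected" if result is None else f"accepted (step {result:+d})"
        print(f"device clock off by {drift:+4d} s -> {verdict}")
```

A device whose clock is 90 seconds fast produces a code three steps ahead of the server, so it is rejected even though the secret is correct, which is the situation the troubleshooting steps address.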

If the problem is not resolved, please contact support using the form below.


Hello, dear friends. Today I will tell you how to set up two-factor authentication for a Yandex account and set a password on Yandex.Disk. This will protect your main account and increase the security of individual Yandex applications.

Personal data protection is the biggest problem on the Internet. Users often neglect safety rules. They create simple, identical passwords for different Internet resources and store them in email mailboxes whose passwords are also used on other resources. These are just a few of the common mistakes.

If an attacker gains access to one of the accounts, other user resources will also be at risk. And if we take into account the fact that viruses are capable of remembering passwords entered from the keyboard, the situation will seem even sadder. That is why every Internet user must follow basic security rules:

- Create complex passwords.

- Do not use the same passwords for different Internet resources.

- Change passwords regularly.

And also use additional methods of protection. One of these methods is two-factor authentication of a Yandex account.

How does two-factor authentication work?

As you know, to access a restricted area such as email, a site admin panel or social network accounts, a login and password are required. But this is only one level of protection. To enhance protection, many services provide additional authentication methods, such as SMS confirmation, USB keys and mobile applications.

I already told you about. Where, in addition to the login and password, the mobile application generates a security code. So Yandex two-factor authentication works in much the same way.

That is, the additional level of protection is the Yandex.Key mobile application, which cancels the old password for your Yandex account and generates a new one-time password every 30 seconds.

With this level of protection, you can only log into your account using a one-time password or QR code.

You only need to configure a few settings; after that, you point your smartphone camera at the QR code and get access to your Yandex account.

And if you cannot use your smartphone’s camera or do not have access to the Internet, you can always use a one-time password that is generated in the mobile application even without the Internet.

The Yandex.Key mobile application itself is protected by the PIN code that you create when connecting your account to the application.

Well, if you have an Apple smartphone or tablet, you can use Touch ID instead of a PIN code.

This way, access to your data will be more securely blocked.

Setting up two-factor authentication.

To begin with, log in to your Yandex account on the home page in the traditional way. Then click on your account name (the mailbox name) and select "Passport".

On the newly opened page, click on the graphic switch opposite "Two-factor authentication", and then on the button "Start setup".

The setup procedure itself consists of 4 steps that you will need to perform on your computer and mobile device.

Step 1. Confirm your phone number.

If you have previously linked your phone number to your Yandex account, you can immediately receive a confirmation code. If not, then enter your phone number and press the button "To get the code".

The code will be sent to the specified number. You need to enter it in a special field and click the button "Confirm".

Step 2. PIN code for the mobile application.

At this step, you need to come up with and enter a PIN code for the mobile application twice. It is this code that will open access to the application on a smartphone or tablet.

Enter the code and click on the button "Create".

Step 3. Install the Yandex.Key mobile application and add an account.

So, from your smartphone or tablet, go to Google Play (for Android) or the App Store (for Apple gadgets). Next, download and install the Yandex.Key application.

Open the application and click on the button “Add an account to the application”.

Adding an account to the Yandex.Key mobile application

After which you will need to point the camera of your mobile device at the monitor screen, where at that moment you will see a QR code. Point to this code.

So, go back to the computer and press the button "Next step".

Step 4. Enter the password for the Yandex.Key mobile application.

After waiting for the new key update in the mobile application, enter it on your computer and press the button "Turn on".

After which you will need to enter the old password from your Yandex account and click the button "Confirm".

Completing the two-factor authentication connection

All is ready. You've secured your account with two-factor authentication. Now you need to re-login to your account on all devices using a one-time password or QR code.

How to log into your account using Yandex.Key.

Everything is extremely simple. On the Yandex main page, in the login and registration panel, click on the ellipses icon (...), and select Y.Key from the menu.

Or, you can use the traditional login method, using a login (mailbox address) and password (one-time password for the Yandex.Key mobile application).

How to set a password on Yandex.Disk.

By enabling two-factor authentication, you can create separate passwords for third-party applications that connect to the account. This mechanism turns on automatically after connection.

This way you will use a password that is only suitable for the drive.

By using different passwords for applications, you strengthen the protection of your data.

To create a password, you need to go to the access control page, select the application, enter the name and click the button "Create a password".

The password will be generated automatically and will be displayed only once. Therefore, copy this password to a safe place. Otherwise, this password will need to be deleted and a new one created.

Now, when connecting Yandex.Disk via the WebDAV protocol, this is the password you will use.

Note: App passwords should be used even if you disable two-factor authentication. This will protect you from revealing the main password to your Yandex account.

How to disable two-factor authentication.

In order to disable two-factor authentication, you need to go to the access control page and click the switch (On/Off).

Then enter a one-time password from the Yandex.Key mobile application and press the button "Confirm".

Creating a new password for your Yandex account

Now you will use your username and password to log into your account, as you did before.

Important: when you disable authentication, passwords created for applications are reset. They must be recreated.

And now I suggest you watch a video tutorial where I clearly demonstrate the entire procedure.

That's all for me today, friends. If you have any questions, I will be happy to answer them in the comments.

I wish you success, see you in new video tutorials and articles.

Best regards, Maxim Zaitsev.

Google Two-Step Verification

Your Google account needs enhanced protection, because it is used to access bank card data to make purchases in the Google Play app store, important messages, documents and letters, and even YouTube videos. Luckily, the tech giant implemented a two-factor authentication system back in 2010.

On Google, this system is called “Two-Step Verification”. This method identifies the user by means of a mobile device. When you enable two-step verification, Google offers the user several options. The first option is called Google Prompt: the user simply adds a smartphone to the account and checks that the Google search app is installed on the device. Then, when you try to log into your account, you will need to confirm on your smartphone that you are doing this personally.

If this doesn't work, you'll have to enter an additional code, which will be sent to your smartphone via SMS text message, voice call, or using the Google Authenticator app. In your personal account, you can register your computer so that you do not have to enter a code each time you log in. If you have a G Suite enterprise account, you can choose to receive a code every 30 days.

Google Authenticator can generate an authentication code even if your smartphone is not connected to the Internet. You need to enable two-step authentication first. The application will then scan the QR code on the desktop screen and generate one-time passwords based on the time or a counter value, which need to be entered in the appropriate field. This method replaces text messages, voice calls or email messages. Google Authenticator works with other services such as LastPass, Facebook, Evernote, Microsoft, Dropbox and Slack.

Once you've set up Google's two-step verification, visit your Google account settings again. There you can set up the phone number to which access codes will be sent, switch to using Google Authenticator and get access to 10 backup codes, which can be printed for emergencies (for example, your smartphone battery is dead and you cannot access the authentication application).

In this interface, you can create application passwords. Let's assume that you want to use a Google account in a service that does not support standard Google authentication. If you have two-factor authentication activated, you will need the application password to use your Google account in the service.

How to enable two-factor authentication on Google

  1. Click on the profile page in the upper right corner of the screen and click on the “My Account” button.
  2. Once the account page loads, select the “Security and Login” page.
  3. In the “Password and account login method” section, select “Two-Step Verification”.
  4. At this point, if you want to make changes to the authentication procedure, Google may ask you to re-enter your password. Enter your password to continue setting up security.
  5. You can now set up two-step verification. Click the “Proceed” button.
  6. Enter your phone number. You will be able to receive text messages or phone calls on this number. Select the desired option and click “Next”.
  7. After this you will receive an SMS message or phone call with an access code. Just enter the numbers without the “-G” prefix and click “Next”.
  8. After this, the next page will open with the message “Successful! Do you want to enable two-step verification?” Click “Enable”.

You can then go to the 2-Step Verification setup page, where you can set up an alternative second factor in case you can't receive text messages or voice calls. Please note that the default option is to receive codes via SMS. The performance of this method depends on your mobile operator. This method is also less secure than the other available methods. Another very popular option is to use the Google Authenticator app or Google Prompt. They will also require a mobile device.

How to add Google Authenticator as a second authentication factor

  1. Install the Google Authenticator app on your mobile device
  2. Go to the Google account two-step authentication setup page and in the “Authenticator Application” panel, click the “Create” button
  3. Select the operating system of your smartphone - Android or iOS and click “Next”
  4. Open the Google Authenticator app on your mobile device and select the “Scan Barcode” option
  5. Scan the QR code that appears on your computer screen and click Next
  6. The notification “Secret code saved” and a numeric code will be displayed. Enter this code on your computer and click “Confirm”

How to add Google Prompt as a second authentication factor

  1. Go to the Google account two-step verification page and in the “Google Prompt” panel, click the “Add phone” button
  2. On the next screen, click “Get Started”
  3. Then select the phone linked to your Google account. Make sure your phone has the Google search app installed and is connected to the Internet. Click “Next”.
  4. In the notification that appears on your mobile phone, click the “Yes” button.
  5. Then click the “Finish” button on your computer. Google Prompt setup is complete.

How to Create a Google App Password

An app password is a 16-digit passcode that gives an app or device permission to access your Google Account. If you are using two-step verification and see the “wrong password” error when trying to log in to your Google account, an app password may solve the problem. In most cases, you'll only need to enter your app password once per app or device, so don't worry about remembering it.

  1. Click on the “application passwords” link in the “Password and login method” section of the Google account security settings page. You may be asked to sign in to your Google Account.
  2. At the bottom, select the application you are using from the drop-down list.
  3. In the next drop-down list, select the device you are using.
  4. Click the “Create” button.
  5. Follow the instructions to enter the app password (16-digit code on the yellow line) on your device.
  6. Click “Done.”

Only lazy people don't crack passwords. The recent massive leak of accounts from Yahoo only confirms the fact that just a password - no matter how long or complex it is - is no longer enough for reliable protection. Two-factor authentication is what promises to provide that protection, adding an extra layer of security.

In theory, everything looks good, and in practice, in general, it works. Two-factor authentication does make it harder to hack an account. Now it is not enough for an attacker to lure, steal or crack the master password. To log into your account, you also need to enter a one-time code, which... But exactly how this one-time code is obtained is the most interesting thing.

You've come across two-factor authentication many times, even if you've never heard of it. Have you ever entered a one-time code that was sent to you via SMS? This is a special case of two-factor authentication. Does it help? To be honest, not really: attackers have already learned how to bypass this type of protection.

Today we will look at all types of two-factor authentication used to protect Google Account, Apple ID and Microsoft Account on the Android, iOS and Windows 10 Mobile platforms.

Apple

Two-factor authentication first appeared in Apple devices in 2013. In those days, convincing users of the need for additional protection was not easy. Apple didn’t even try: two-factor authentication (dubbed two-step verification, or Two-Step Verification) was used only to protect against direct financial loss. For example, a one-time code was required when making a purchase from a new device, changing a password, and communicating with support about topics related to an Apple ID account.

It didn't end well. In August 2014, there was a massive leak of celebrity photos. The hackers managed to gain access to the victims' accounts and downloaded photos from iCloud. A scandal broke out, as a result of which Apple hastily expanded support for two-step verification to cover access to backups and photos in iCloud. At the same time, the company continued to work on a new generation of two-factor authentication method.

Two-step verification

To deliver codes, two-step verification uses the Find My Phone mechanism, which was originally designed to deliver push notifications and lock commands in the event of a lost or stolen phone. The code is displayed on top of the lock screen, so if an attacker obtains a trusted device, he will be able to obtain a one-time code and use it without even knowing the device password. This delivery mechanism is frankly a weak link.

You can also receive the code via SMS or voice call to your registered phone number. This method is not any safer. The SIM card can be removed from a well-protected iPhone and inserted into any other device, after which a code can be received on it. Finally, a SIM card can be cloned or taken from a mobile operator using a fake power of attorney - this type of fraud has now become simply epidemic.

If you do not have access to either a trusted iPhone or a trusted phone number, then to access your account you need to use a special 14-digit key (which, by the way, is recommended to be printed and stored in a safe place, and kept with you when traveling). If you lose it too, you are in serious trouble: access to your account may be closed forever.

How safe is it?

To be honest, not really. Two-step verification is incredibly poorly implemented and has deservedly earned a reputation as the worst two-factor authentication system of all the “big three” players. If there is no other choice, then two-step verification is still better than nothing. But there is a choice: with the release of iOS 9, Apple introduced a completely new security system, which was given the simple name “two-factor authentication.”

What exactly is the weakness of this system? First, one-time codes delivered through the Find My Phone mechanism appear directly on the lock screen. Secondly, authentication based on phone numbers is insecure: SMS can be intercepted both at the provider level and by replacing or cloning the SIM card. If there is physical access to the SIM card, then you can simply install it in another device and receive the code on completely legal grounds.

Also keep in mind that criminals have learned to obtain SIM cards to replace “lost” ones using fake powers of attorney. If your password is stolen, then finding out your phone number is a piece of cake. The power of attorney is forged, a new SIM card is obtained, and in fact nothing else is required to access your account.

How to hack Apple authentication

This version of two-factor authentication is fairly easy to hack. There are several options:

  • read a one-time code from a trusted device - unlocking is not necessary;
  • move the SIM card to another device, receive SMS;
  • clone a SIM card, get a code for it;
  • use a binary authentication token copied from the user's computer.

How to protect yourself

Protection through two-step verification is not serious. Don't use it at all. Instead, enable true two-factor authentication.

Two-factor authentication

Apple's second attempt is officially called "two-factor authentication." Instead of replacing the previous two-step verification scheme, the two systems exist in parallel (however, only one of the two schemes can be used within the same account).

Two-factor authentication appeared as a component of iOS 9 and the version of macOS released simultaneously with it. The new method includes additional verification for any attempt to log into an Apple ID account from a new device: an interactive notification is instantly sent to all trusted devices (iPhone, iPad, iPod touch and computers running the latest versions of macOS). To access the notification, you need to unlock the device (with a password or fingerprint sensor), and to receive a one-time code, you need to click on the confirmation button in the dialog box.

As in the previous method, in the new scheme it is possible to receive a one-time password in the form of an SMS or a voice call to a trusted phone number. However, unlike two-step verification, push notifications will be delivered to the user in any case, and the user can block an unauthorized attempt to log into the account from any of their devices.


Application passwords are also supported. But Apple abandoned the access recovery code: if you lose your only iPhone along with a trusted SIM card (which for some reason you cannot restore), to restore access to your account you will have to go through a real quest with identity confirmation (and no, a scan of a passport is not such confirmation... and the original, as they say, “does not work”).

But the new protection system has room for a convenient and familiar offline scheme for generating one-time codes. It uses the completely standard TOTP (time-based one-time password) mechanism, which generates six-digit one-time codes every thirty seconds. These codes are tied to the exact time, and the trusted device itself acts as the generator (authenticator). The codes are retrieved from deep within the iPhone or iPad system settings via Apple ID -> Password and Security.


We will not explain in detail what TOTP is and what it is used with, but we will still have to talk about the main differences between the implementation of this method in iOS and a similar scheme in Android and Windows.

Unlike its main competitors, Apple allows only its own devices to be used as authenticators. Their role can be played by a trusted iPhone, iPad or iPod Touch running iOS 9 or 10. Moreover, each device is initialized with a unique secret, which allows, in case of its loss, to easily and painlessly revoke the trusted status from it (and only from it). If the authenticator from Google is compromised, then the status of all initialized authenticators will have to be revoked (and reinitialized), since Google decided to use a single secret for initialization.

How safe is it

Compared to the previous implementation, the new scheme is still more secure. Thanks to support from the operating system, the new scheme is more consistent, logical and easy to use, which is important from the point of view of attracting users. The one-time password delivery system has also been significantly redesigned; the only remaining weak link is delivery to a trusted phone number, which the user still must verify without fail.

Now, when attempting to log into an account, the user instantly receives push notifications to all trusted devices and has the option to reject the attempt. However, if the attacker acts quickly enough, he may have time to gain access to the account.

How to hack two-factor authentication

Just like in the previous scheme, two-factor authentication can be hacked using an authentication token copied from the user's computer. An attack on the SIM card will also work, but trying to get the code via SMS will still trigger notifications on all of the user's trusted devices, and he may have time to reject the login. But you won’t be able to read the code off the screen of a locked device: you will have to unlock the device and give confirmation in the dialog box.


How to protect yourself

There are not many vulnerabilities left in the new system. If Apple abandoned the mandatory addition of a trusted phone number (and to activate two-factor authentication, at least one phone number would have to be verified), it could be called ideal. Unfortunately, the need to verify a phone number adds a serious vulnerability. You can try to protect yourself in the same way as you protect the number to which one-time passwords are sent from the bank.
