On June 22, 2020, Arduino announced a new initiative to improve security: a two-factor authentication (2FA) for Arduino web services.

Multi-factor authentication has become a growing practice across the web to reduce internet crime. Its proponents claim it can lead to significant reductions in online identity theft and other forms of fraud, as users now have to provide something more than just a password to access their accounts.

With 2FA enabled on Arduino, users get an additional security layer to their account so they can have better protection of any devices connected to the Arduino IoT cloud.

Users are encouraged to enable 2FA and go through the two-step verification process to login to arduino.cc in order to enhance online safety across the Arduino community.

How to Enable Two-Factor Authentication on Arduino

In order to enable 2FA, you’ll need to choose and use an authenticator app, such as Authy, Google Authenticator, Microsoft Authenticator, or LostPass, etc.

Here’s your step-by-step guide for setting up 2FA:

1. Navigate to the id.arduino.cc page, go into your account profile, and click on “Activate” where you see “2-Step Verification” under Security.

   You’ll be notified that every time you sign in to Arduino, you’ll need both your password and an authentication code. This helps prevent someone who obtains your password from logging in to your account.

2. Scan the QR code with your authenticator app.

3. You should now see a 6-digit code in your authenticator app that will change every 30 seconds.

   You’ll want to enter the code you see on your app into the text field and hit “Verify.”

4. **Save your recovery code in a safe place**

   It’s important that you don’t lose your recovery code. If you happen to lose your 2FA codes by losing or breaking your phone and the necessary app, you’ll still be able to access your account with the recovery code. However, if you lose both the 2FA and the recovery codes, you will lose access to your account.

   Note: the recovery code is intended to be used only once – if you use it, you will be provided with a new one for future use.

5. 2FA should now be activated for your account!

   Don’t forget to keep your device handy when you want to login to your Arduino.

Does Two-Factor Authentication Work?

Password hacks have happened over the past several years for major online brands – for example, Twitter and LinkedIn – prompting many digital companies to offer 2FA or other forms of multi-factor authentication to for better online safety and security.

Interestingly, although 2FA has been shown to improve security, it’s not always a helpful solution. For example, it requires you to use a second device, and as long as it remains an optional choice, many users may not go through the trouble of enrolling in spite of the security enhancements.

What do you think about Two-Factor Authentication? Is this a security feature you’ll use for your Arduino activities? Let us know in the comments!

And if you want more news about Arduino and Raspberry Pi, be sure to bookmark and return to the Vilros blog.