Having our systems and devices protected is essential. We are constantly using passwords to log into services, platforms and whatever equipment we are using. There are many options that we have in this regard and it is vital to have keys that are strong and complex. Now, we can also apply the additional barrier of two-step authentication. In this article we are going to explain how to configure the login in Ubuntu with 2FA .
Why use two-step authentication
We all have passwords for email, social networks, or even to enter our operating systems. Ubuntu is no exception and when accessing we will have to put a password for it.
We can say that this is the main barrier to avoid intrusion into our accounts. If we use a password that is strong and complex, that contains letters (uppercase and lowercase), numbers and other special symbols, in addition to being random and long enough, we can say that it is secure and that nobody will be able to access it.
However, sometimes there may be leaks, we can be victims of Phishing attacks, keyloggers and other threats that could steal our passwords. In this way an attacker could enter our account. To avoid that, two-step authentication comes into play.
What is Two-Step Authentication or 2FA? Basically it means that we are going to have to put a second code, carry out a second step, to log in. Thus, in case an attacker knows our password, he could not access without that second step.
Use two-step authentication in Ubuntu
Ubuntu is undoubtedly one of the most used Linux distributions. It offers a wide range of possibilities and we can also use two-step authentication to add an extra layer of security to our account and not have problems.
For this we will need a couple of things: one of them is to install the dependencies and Google Authenticator in our system and the other is to use a program compatible with the 2FA of Google Authenticator on our mobile phone. This is where we will receive those codes that we will have to put when logging in.
So, the first step will be to install Google Authenticator on our system. To do this you have to go to the Ubuntu terminal and execute the following command:
sudo apt install libpam-google-authenticator
During the installation process, which is quick and easy, it will ask us a series of questions that we must always answer yes in order to configure it correctly.
Later we have to execute the google-authenticator command to configure it correctly and obtain the keys that we are going to use. We will have to link it to the application that we are going to use on the mobile. In addition, a series of questions will appear again that we will have to answer yes.
Done these steps we will have installed what is necessary. Now we will simply have to enable two-step authentication in Ubuntu so that it asks us for that second code when logging in. In this case we will have to execute the command sudo nano /etc/pam.d/lightdm to obtain the configuration file and later add the line
auth required pam_google_authenticator.so nullok .
The next step is to save that file and then reboot the system. From that moment on we will have Ubuntu configured to request 2FA at the time of logging in.
Keep in mind that we will always have to have our mobile phone and the Google Authenticator client correctly installed and available. Otherwise we could not log into Ubuntu. Of course, this will only happen if we have the operating system configured to ask us for the password when logging in and is configured to start automatically without the need to enter the password.
In short, as we can see, it is a simple process and we can have Ubuntu more protected from possible intruders. A very useful measure to prevent a loss of the computer, for example, that means that anyone can access the system by brute force and thus guessing the password. One more way, in short, to preserve our data.