While Americans were feasting on turkey and stuffing yesterday*, Francesco was back in Italy putting the final touches on the next release: Two Factor Authentication.
This is a first roll-out using a one-time code, which will be sent to you via email when you sign in to your Passpack account. You can choose the email address where you’d like to receive the code, and whether you’d like it to be required all the time or (my favorite) only when your Welcome Message is inactive.
This feature is completely optional. To set up a second factor of authentication, choose Two Factor Authentication from your Settings menu.
Two Step Login AND Two Factor Authentication
Passpack uses a two-step login. In the first step, the user has to be recognized, either with a User ID and Password or via a 3rd party (Yahoo, Facebook, Twitter, etc.). The second step is our famous Packing Key.
Most of you know that your Packing Key is known only to you and decrypts your data directly in the browser. But what some of you may not realize is that we also use it as an additional authentication step. This is because your data will only be released by the server to your browser if a hash of your Packing Key matches the one stored.
This approach is clearly safer than any other two-step approach. So, we have always been reluctant to add a “traditional” second factor of authentication. However, since there are a few users that periodically ask us for it, we decided to introduce some form of Two Factor Authentication.
We started with a simple one: a One Time Password (OTP) via email.
How to Set Up Two Factor Authentication
Go to the Settings tab and launch the command Two Factor Authentication. Passpack verifies the configuration and lists the available factors. Continue and, on the next screen, choose the email address where the OTP will be sent. You can also choose to activate the second factor only when your Welcome Message doesn’t appear – for example, when you aren’t connected with your own PC.
In the next step, Passpack will send you a test OTP to verify that you can receive it without issues (e.g. excessive waiting time, anti-spam filters, etc.). Simply check your mailbox, copy the OTP from the message and paste it into the field to complete the process.
Please be aware that if you set this up, you must have access to your mailbox before logging into Passpack (don’t create a catch-22, folks!).
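One way a server could implement the email OTP step described in this post, added here as an example and not Passpack's own code. The two activation modes come from the post; the 8-digit code, 10-minute lifetime, five-attempt limit and all names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 600   # assumption: the post does not state a lifetime
MAX_ATTEMPTS = 5        # assumption: the post does not state an attempt limit


def otp_required(mode, welcome_message_active):
    """mode is 'always' or 'welcome_inactive', the two choices the post describes."""
    if mode == "always":
        return True
    if mode == "welcome_inactive":
        return not welcome_message_active
    raise ValueError("unknown mode: %r" % mode)


class EmailOtp:
    """One pending code per sign-in attempt; only a hash of the code is stored."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # session_id -> [digest, expires_at, attempts_left]

    @staticmethod
    def _digest(session_id, code):
        # Binding the digest to the session stops a code being accepted elsewhere.
        return hashlib.sha256(f"{session_id}:{code}".encode()).digest()

    def issue(self, session_id):
        code = f"{secrets.randbelow(10**8):08d}"  # CSPRNG, 8 digits (assumed length)
        self._pending[session_id] = [self._digest(session_id, code),
                                     self._now() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # the caller emails this to the address chosen in Settings

    def verify(self, session_id, submitted):
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        if self._now() > entry[1]:
            del self._pending[session_id]  # expired codes are discarded
            return False
        entry[2] -= 1
        # Constant-time comparison; strip() tolerates whitespace from copy and paste.
        ok = hmac.compare_digest(entry[0], self._digest(session_id, submitted.strip()))
        if ok or entry[2] == 0:
            del self._pending[session_id]  # single use, or locked out after misses
        return ok
```
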
* Sorry, just HAD to get a reference to the turkey in here somehow [wink]