To improve Ubuntu security you may want to enable multi-factor authentication. Two-factor authentication enables users to provide certain details such as random code, or OTP (Time Password ) to add another layer of security to standard usernames and passwords. There are multiple ways to implement multi-factor authentication in Ubuntu. Google authentication is one of them. To get started with installing Google authentication, follow the steps below:
Install the Google PAM package
Google authentication is a PAM ( Pluggable Authentication Module) package that provides a mechanism to add extra layers of authentication on the Linux platform. To install it, run the commands below:
Install the Google Authenticator app
To authenticate using a one-time code, you’ll need to install the Google Authenticator app on your mobile device(s). This is where the one-time code will be displayed. Visit the app store using your mobile device and search for Google Authentication, or use the link below: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 After installing it on your mobile device, go back to Ubuntu and configure it to log in using a one-time password.
Configure Ubuntu
Now that Google Authenticator is installed, open its configuration file by running the commands below; Then copy and paste the line below anywhere into the file and save. Paste the line anywhere in the file. Save and exit. After that, run the commands below to initialize Google authenticator. When you run the commands above, it will evoke a setup prompt to answer questions based on your environment. A QR code will be displayed on the terminal as shown below and right below it, some information will be displayed. Since you may not be able to scan the QR code from your terminal windows, go to your mobile app and add a new profile. Choose to enter the setup key instead of scanning a QR code. Then enter the new secret key and the confirmation code: The emergency codes are backups that you can use if you don’t have your mobile device with you. Make sure to take note and store it in a secure but accessible location. In most environments, answering yes to all the questions will be enough to provide the kind of security that works. After setting up, reboot your machine and test. As you can see, you’ll still verify your username and password, but the third layer of a one-time code will also be needed to log in. Enter the code from your mobile device to complete the verification. That should do it! Conclusion: This post showed you how to install and configure Google Authenticator on Ubuntu to provide an additional layer of security. If you find any error above, please use the form below to report.