Tutorial for two factor authentication

[m4sk1n]

#482
I'm waiting for feedback.
I will add two more screenshots from Authenticator app tomorrow and scale down the current one. I know my English isn't perfect…

[webteam-app]

User is not a collaborator of this repo. Please start demo manually.

[caldav]

Very useful and pragmatic, good job!
I've commented on some things that needs fixing.
Two other things:

• It's not clear that these steps should be applied server side and not client side.
• You may want to fudge or alter the QR code a bit, and do so visibly, so people notice it's as sensitive as the secret key you blurred.

Thank you for this!

[caldav]

"two factor" -> "two-factor" (the same comment is to be applied to the rest of the tutorial, I won't point it out each time)

[caldav]

Published -> published

[caldav]

Please add feedback_url: https://github.com/canonical-websites/tutorials.ubuntu.com/issues to the metadata

[caldav]

"computers containing"
"(2FA)": no need for italics on the acronym.

[caldav]

Let's be a bit more pragmatic:

What you'll need

• A computer running Ubuntu 16.04 LTS or above
• A phone running Android or iOS
• A configured SSH connection

[caldav]

I'm suggesting you move this section in the middle of the first page so it would look like this:

PAGE1 - Overview

[purpose of the tutorial]

What is two-factor authentication

[context about the topic]

What you'll need

• ...
• ...

PAGE 2 - Installing and configuring required packages

[caldav]

Multi-factor
ways
uses a combination
"(often called password, which implies that you should just use single word to log in)" is a nice touch, but confuses the point of the paragraph. Maybe simplify it with: "(a complex password, often made of several words)"
"one-time passcode"
by a special mobile app

Also, please put "one-time passcode" in bold too, because it helps putting the two auth factors on a same level.

[caldav]

"We will use the Google Authenticator app available for Android (in the [Play Store]) and iOS (in [iTunes]) to generate authentication codes."

Maybe one more sentence: "If you are using another phone OS or authentication device, you can follow and adapt this tutorial, as the basic principles of 2FA still apply".

[caldav]

To avoid a repetition with the title just above, maybe something a bit more descriptive, such as "Installing the Google Authenticator PAM module"

[caldav]

Please drop the "$ "

[caldav]

"To make SSH use"
"the following line at the end of the /etc/pam.d/sshd file"

[caldav]

the sshd daemon

[caldav]

Please drop the "$ "

[caldav]

"...from no to yes, so this part of the file looks like this:

[...]
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication yes
[...]

[caldav]

makes the configuration

[caldav]

You are going a bit too fast here. If you don't want to go into the details of explaining the purpose of each step, maybe you could use bullet points, here is a suggestion:

"In a terminal, run the google-authenticator command.

It will ask you a series of questions, here is a recommended configuration:

• Make tokens "time-based": yes
• Update the .google_authenticator file: yes
• Disallow multiple uses: yes
• Increase the original generation time limit: no
• Enable rate-imiting: yes

You may have noticed the giant QR code that appeared during the process, underneath are your emergency scratch codes to be used if you don't have access to your phone: write them down on paper and keep them in a safe place."

[caldav]

secret code -> secret key (to match the terminology the user sees in the terminal output)

[caldav]

We shouldn't -> Don't
secret key -> secret keys
", such as a notes synchronization service and so on."
"use the QR code."

[caldav]

the secret

[caldav]

the latest
the Play Store
the process shouldn't

[caldav]

### Using the QR code

[caldav]

the phone camera
"the QR code displayed in your terminal output"
"You can use this key to access SSH" <- Maybe keep this sentence for later, as it applies to both methods, no?

[caldav]

### Using the secret key

[caldav]

"... Enter a name that you will recognise as being your 2FA method for SSH, then type the secret key provided..."

[caldav]

for an authentication key
a traditional passphrase

[caldav]

some -> more

[caldav]

Thanks @m4sk1n! I'm merging it, it won't appear right away on the site as we are looking into making something a bit special for code-in students, probable by end of next week :)