I recently wrote an article on how to enable 2-Step Verification on your WordPress.com sites as well as your self-hosted WordPress.org sites, so today I will be showing you how to enable the same level of security for your DreamHost panel.
By default, when you login to your DreamHost panel, you will only be asked for your email address/Web ID and password in order to gain full access to your account. If a would-be hacker wanted to gain access to your site then they would just need to get hold of the email address/Web ID associated with the account and then use a brute-force attack to find your password. The damage that can then be caused to your beloved site once an attacker has access could be devastating, which is why it is important to enable extra security measures if you can.
Users wishing to enable 2-Step Verification/Multifactor Authentication for their DreamHost accounts will require a smartphone or tablet device with the Google Authenticator app installed. The app is available on the following platforms:
- Android devices (requires Android 2.2 or above)
- iOS (iPhone, iPad, or iPod Touch with iOS 3.1.3 or later)
- Windows phone (requires Windows 7.5 or 8)
Blackberry 10 devices don’t seem to have a Google Authenticator app for their devices, but there is another app called Authomator, that does the same job. Users will require BB 10 smartphone or higher in order to use this app.
So, let’s begin the process of enabling 2-Step Verification/Multifactor Authentication for your DreamHost account. In total it should only take you a few minutes to complete, but will add a much-needed level of security. Make sure that you have installed the Google Authenticator for your smartphone or tablet device first.
Login to your DreamHost panel in the usual way
On the left hand side of the window go to the Billing & Account section and select Security
In the main window you will see a section titled Multifactor Authentication which by default is disabled. To enable this simply input your DreamHost Panel password (the same one you used to login with) and choose the Multifactor Authentication method you wish to use. I would definitely recommend using the default method of time-based. Once you have done this, click on the Get Started button below.
Once you have selected Get Started, you will be presented with your unique barcode, (QR Code) as well as the Secret Key and a Passcode field.
On your smartphone or tablet, open the Google Authenticator app and go to the options area. In here select Set up account>Scan a barcode. Once you select scan a barcode, simply scan the barcode/QR Code on your monitor that DreamHost created for you. This will immediately start to generate codes for that account on your Google Authenticator app. If your devices camera is broken, or simply doesn’t have a camera then input your 16-digit Secret Key via the alternative Enter a key provided method (available just under the DreamHost barcode) instead.
If you are still logged into your DreamHost Panel, log out. Now log back in and you will notice that there is an extra field you need to fill in in order to access your DreamHost Panel. This is where you input the 6-Digit code that your Google Authenticator app generates. Simply open the app on your phone and enter the number generated for your DreamHost Panel. You will also see that there is a drop-down box available that lets you decide how long you wish the computer that you are logging in with to remember you. You can choose either:
- Don’t remember this computer (recommended should your mobile and laptop get stolen together)
- 1 week
- 1 month
Once the chosen time period has expired, you will be required to generate another code (via the app) to have access again.
These codes change every 30 seconds, as indicated by the rotating timer, making it a lot harder for people trying to brute force your account. Don’t panic to try and input the number as the timer runs down. Another one will show so take your time.
So what happens if I have my phone or tablet stolen and am unable to generate the required codes?
If this happens to you, don’t worry as you will also see on the new login screen has a Forgot password or lost/failed multifactor authentication? link that you can use. You will be asked to fill out a simple security form which will then grant you access again to either enable or disable the security.
How do I disable 2-Step Verification/Multifactor Authentication?
Simple. Just log in to your account and head to the security area. Input your password and hit Disable.
I’ve just logged in to my DreamHost Panel from another device and it’s showing an error!?
Don’t worry as this is perfectly normal. Multifactor Authentication uses browser cookies to function, so if you try to log in from a new computer that has never been logged into DreamHost before, the Multifactor Authentication Code field will not initially be visible, and your first log in attempt will fail. After that first attempt, DreamHost will identify your account and make the Multifactor Authentication Code field visible so that you can log in.
That’s it. I hope that this has helped you in setting up 2-Step Verification/Multifactor Authentication on your DreamHost account. If you have any questions regarding setting this up for yourself, just leave me a comment below and I will try to help you if I can. The screenshots used for the Google Authenticator app were taken via my Nexus 4, so if you are using the app on a different platform, it may look slightly different.
The Google Authenticator can be used to set up 2-Step Verification on a various sites, like Amazon AWS, Dropbox, Gmail and WordPress among many other services. Unfortunately, you can’t use 2-Step Verification on Twitter or Facebook yet using this app which is a shame and doesn’t reflect well on either of them.