Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting our team. We will be in touch shortly.Close

  1. Blog
  2. Article

Holly Hall
on 17 June 2021


What is 2-factor authentication (2FA)?

Two factor authentication (2FA) increases your account security further than just using a username and password. In addition to a password (the first factor), you need another factor to access your account. A great example to demonstrate this is when you withdraw money from an ATM. To access your bank account you need both your physical bank card and to know your PIN number. These are the two factors you need to withdraw money = 2 factor authentication!

Common ways to provide this extra level of security are a specific application on your phone or computer, a physical security key/USB (Yubikey, for example), or a smart card. By using more than one of these factors, you can greatly increase the security of your account or system.

2-factor authentication and Ubuntu One SSO

Ubuntu One Single Sign-On (SSO) has supported 2FA since 2014. The ubiquitous OATH (Initiative for Open Authentication) protocol is supported, using open standards to promote stronger security and authentication. Using open standards means that a wide range of devices and applications can be used as a second factor. This includes phone and desktop applications like 1Password, Authy, Authenticator and countless more. This also includes hardware devices from Yubikey, Feitian and others, and even some terminal applications such as oathtool. Thanks to OATH’s simplicity, even a list of numeric codes can be used as a valid device. These codes could, for example, be printed on a sheet of paper and stored securely for use in an emergency or as a backup device

The basics of the workflow, mechanics and code in Ubuntu One SSO  are solid, proven, and used by hundreds of people every day. Despite the above, 2FA in Ubuntu One SSO has remained in closed beta for more than 7 years. The one thing that was lacking was a comprehensive code recovery experience to prevent lockouts

Why code recovery?

A downside of 2-factor authentication is that, should the code-generating device(s) be lost, misplaced, broken or misconfigured, the user will be unable to enter a 2-factor code and thus will be denied access to their account.

As 2FA entered beta testing, it was primarily used by Canonical employees. In this situation, the company has verified mechanisms for identity validation and device reset. However, as the pool of testers expanded to include security-minded, community members and external users, we realized it wasn’t as easy to provide an analogous recovery mechanism. Since we don’t have any verifiable information identifying the user or linking them to their account, there was no way to establish ownership of that account. Despite an email address being a reasonable method of linking a user to their account, 2FA operates under the assumption that an email address could be compromised. As a result, in practice, users who get locked out of 2FA effectively lose their accounts.

What are we doing about this?

After many years in beta, we have created a comprehensive code recovery experience. Following this, we are happy to announce that we will be implementing 2FA for all Ubuntu One accounts. This change is coming in the next few weeks, so keep your eyes peeled for instructions on how to enable 2FA for your account. With a reliable backup mode of authentication, lockouts should be a thing of the past.

In the meantime, if you want to read more about secure IoT and Desktop solutions, check out the links below!

Photo by Alberto Barrera on Unsplash, taken at Lago de Garda, Italy.

Related posts


Andreea Munteanu
10 May 2024

An overview of machine learning security risks

AI Article

Data is at the heart of all machine learning (ML) initiatives – and bad actors know it. As AI continues to occupy the limelight of modern tech discourse, ML systems are becoming increasingly attractive targets for attack. With the Identity Theft Resource Center reporting a 72% spike in data breaches in 2023, it’s critical to ...


Alex Murray
24 April 2024

What’s new in security for Ubuntu 24.04 LTS?

Confidential computing Security

We’re excited about the upcoming Ubuntu 24.04 LTS release, Noble Numbat. Like all Ubuntu releases, Ubuntu 24.04 LTS comes with 5 years of free security maintenance for the main repository. Support can be expanded for an extra 5 years, and to include the universe repository, via Ubuntu Pro.  Organisations looking to keep their systems secu ...


anakritskaya
4 April 2024

Canonical at America Digital Congress in Chile

AI Article

Canonical participates in America Digital Congress in Santiago, Chile. Learn how Canonical can support your digital transformation journey. ...