How to activate Two Factor Authentication (2FA)

Two-factor authentification - Overview

Two-factor authentication (2FA) helps to improve the security of your account: once enabled, you are requested to enter an one-time code along with your email and password to log in to the Scaleway console. It provides an additional layer of security for your account by preventing an attacker from accessing your account using a compromised password.

Without using 2FA, only your email and password are required to access your account. A person with malicious intent would simply need to get your password to authenticate your account.

Once 2FA enabled, an additional code which changes automatically every 30 seconds is required to authenticate. This authentication code is generated within a designated application on your smartphone, tablet or computer, called the 2FA App.

This means accessing your account requires both: your password and a second factor: access to the 2FA App. Even in case of a leaked password your account is protected by this second layer of security.

Requirements

Enabling two-factor authentication

You can enable and disable two-factor authentication for your Scaleway account in the Profile section of the Console.

Important: When enabling two-factor authentication, please read carefully the information below to reduce the risk of being locked out of your own account.

1 . Go to the Profile section of the Scaleway Console.

2 . Scroll down to bottom of the profile page, until you see the Two-Factor Authentication section.

3 . Click Enable 2FA:

4 . Launch the 2FA application on your device and scan the QR code displayed in the pop-up window. If your device has no camera or you don’t want to use the QR code, you can type the validation code into your application:

5 . The 2FA application generates a first six-digit validation code. Type it into the form and click Submit.

6 . Two-factor authentication is now enabled. A list of backup codes displays. Download the list and keep it in a secure environment, aas you will need these codes if you lose access to your 2FA applications.

Upon your next login to the Scaleway console, you will be asked to enter the six-digit code generated by your 2FA application to authenticate against the console.

Disabling two-factor authentication

Note: For security reasons you should keep two-factor authentication enabled at all times.

1 . Go to the Profile section of the Scaleway Console.

2 . Scroll down to bottom of the profile page, until you see the Two-Factor Authentication section.

3 . Click Disable 2FA:

4 . Type Disable in the form to confirm the deactivation of two-factor authentication for your account. Click Disable to validatate:

Two-factor authentication for your account is now disabled and you can login using your email and password only.

Disabling two-factor authentication using the API

You can also disable two-factor authentication from the API (an API token is required). Execute the following API call to disable the two-factor authentication:

curl -H "X-Auth-Token: <YOUR_TOKEN_HERE>" https://account.scaleway.com/users/:id/2FA -X DELETE

Lost two-factor authentication & Backup codes

If you lose your two-factor authentication device or application and your backup codes, you can follow this procedure to regain access to your account.

Discover the Cloud That Makes Sense