Two-factor authentication (2FA) strengthens authentication with an additional layer of security that requires presenting an extra piece of evidence (the possession factor) to an authentication mechanism of a website or application. To obtain the possession factor, you can use an authenticator like Google Authenticator, 1Password, Authy, or Microsoft Authenticator, which provides a random code that changes frequently.
In Snyk API & Web, users can set up 2FA by simply configuring this extra layer of authentication in their profiles.
Set Up 2FA
In the Snyk API & Web app, set up 2FA as follows:
Open the dropdown menu with your username in the bottom-left corner of the navigation bar and click on Profile.
In the TWO-FACTOR AUTHENTICATION (2FA) section, click on Set up.
A dialog prompts you to enter your password as a security measure.
In the next dialog, follow the instructions:
Use your device to download and install a 2FA app (such as Google Authenticator, 1Password, Authy, or Microsoft Authenticator) to provide a verification code.
Use the app to scan the QR Code.
Enter the verification code given by the app and click on Verify.
2FA is now enabled, and Snyk API & Web shows a dialog with the recovery codes to use in case you lose your device. Copy the codes, save them in a secure place, and close the dialog.
With 2FA set up and enabled, every time you log in to Snyk API & Web, a second authentication step asks you to enter the random code generated by the authenticator app installed on your device.
You can go to your profile at any time to disable 2FA or to update the device that has the authenticator app. The procedure to update is very similar to what is described in this article.
If you lose access to the device with your authenticator app and cannot log in to Snyk API & Web, read this article on how to recover access to your account.