We continue our look at authenticators for Android. Let me remind you that in the last article, not only eminent applications for two-factor authentication – Google Authenticator and Azure Authenticator, but also one-stop solution profile developer - Authy 2-Factor Authentication. That is what became optimal.
Now we will talk about the domestic authenticator - "Yandex.Key", designed to replace Google Authenticator. The application looks interesting, offers two types of authorization and own protection. However, we will not give him positive marks in advance and check everything thoroughly.
The second participant will be FreeOTP Authenticator, a program with an open source code, which in turn can become a benchmark for such solutions. But these are only the first assumptions, so let's not beat around the bush and start.
As test equipment, we used a DEXP Ursus 8EV2 3G tablet (Android 4.4.2, MT8382 processor, 4 x Cortex-A7 1.3 GHz, Mali-400 MP2 video core, 1 GB RAM, 4000 mAh battery, 3G module, Wi-Fi 802.11 b/g/n) and smart phone HT3 Pro (Android 5.1 Lollipop, MT6735P processor, 4 x Cortex-A53 1.0 GHz, 64-bit, Mali-T720 GPU, 2 GB RAM, 3000 mAh battery, 4G module, Wi-Fi 802.11b/g/n)
"Yandex.Key"
Acquaintance
“This is an authenticator that creates one-time passwords (OTP) to log in to Yandex, Facebook, Google, GitHub, Dropbox, VKontakte and other services that support two-factor authentication (2FA). On Yandex, you will enter the password created by the "Key" instead of the usual password, and on other services - along with the usual one.
Description in Google Play speaks for itself and there is not much to add, except for the fact that some users prefer this application
Many users whose activities are related to making money on the Internet or storing important information online try to protect their accounts from hacking and theft of confidential data.
Certainly, complex password, which includes numbers and letters, as well as Special symbols, enough reliable protection, But maximum effect provides two-factor authentication.
However, not every person knows about this option to protect their accounts, and this is despite the fact that today more and more services (mailers, social networks, etc.) offer to take advantage of this opportunity.
What is two-factor authentication?
So, what kind of protection in question? In fact, you've come across two-step verification before. For example, when you are going to perform any transaction with money on the WebMoney website, then, in addition to your login and password, you will need to specify a confirmation code that will be sent to your mobile phone.
In other words, two-factor authentication is the second key to your account. If you activate this option, for example, in Evernote (there is such a possibility), then an attacker who managed to guess the password for this note service will face another problem - the requirement to specify one-time code that comes to your phone number. It is worth noting that in the event of an attempt to hack your account, you will receive an SMS, and you can instantly change your password.
Agree that this is a very convenient option, using which you will be less worried about the loss of personal information.
Where is the best place to use?
Of course, some users may object, arguing that two-step verification is too much "excessive movements", and in general, it is intended for paranoids who always think that someone is watching them.
Perhaps they are right about something. For example, for social networks it is not necessary to use this way protection. Although even here it is debatable. As a rule, attackers try to hack into the accounts of administrators of popular "publics". And you, most likely, also would not like to notice one day that your account in one of the "social networks" was hacked and completely indecent photos were posted on the "Wall".
As for other services, for example, Yandex two-factor authentication will allow you to safely store your registration data from WebMoney and others) or letters containing secret information.
Google account protection
One of the most popular services today is Google. This is where you can register your e-mail Mailbox, store documents on Google Drive, create a blog or YouTube channel for free, which can later bring you profit.
In order for users to be sure of the safety of documents stored on mail or disk, they are offered a two-factor Google authentication. You must be logged into your account to activate it.
Now, having opened, for example, a mailbox, pay attention to the avatar in the right upper corner. Click on it and go to "My Account". Here you need the "Security and Sign In" section, namely the "Google Account Sign In" link.
On the right you will see the option "Two-step verification", where you need to click the arrow to activate it. A window will open in which you are interested in the "Proceed to setup" button. Enter your password and follow further instructions.
Two-factor authentication "Yandex"
Yandex also offers its users quite a lot useful services. Except cloud storage information on "Yandex.Disk", you can get yourself online wallet where you will withdraw money earned on the Internet.
And, of course, Yandex did not stand aside and also offers its users to use two-factor authentication to protect documents stored in the mailbox.
To enable it, you will need to perform several simple actions. Log in to your account and click LMB on the profile photo (upper right corner). Select "Passport" from the drop-down menu. A window will open in which you need to click on the "Access Control" link. Set the "slider" to the "ON" position. You will be redirected to a page where you need to click on the "Start setup" button. Now go through the 4 stages of activating two-factor protection.
Social network VKontakte"
As mentioned above, attackers usually try to gain access to the accounts of "admins" popular bands. But this is not always the case, because just the personal correspondence of some well-known person on the Internet may be of interest.
It is worth noting that for some users this method of protecting an account eventually becomes annoying, as it requires constant input secret code except for username and password. In such cases, you need to know how to disable two-factor authentication. However, first we will deal with the activation of this option.
In fact, turning on two-step verification is very simple. Select "My Settings" and then go to the "Security" tab. In the Login Confirmation section, click the Connect button. Now consistently follow all the requirements.
Disabling two-factor authentication
In order to deactivate two-step protection in Yandex, you will need to go back to your Passport by clicking on your profile picture. After that, open the "Access Control" section and set the slider to the "Off" position.
Conclusion
Now you know what two-loop authentication is and why you need it. By using one or another service, you can activate this additional protection or refuse to do so.
Of course, in some cases it is highly recommended to enable two-step authentication. For example, when registering for WebMoney, you indicated the mail from Yandex. While surfing the Internet, you can become a victim of hackers who break into your mailbox and gain access to e-wallet. To prevent this from happening, it is better to install and link e-mail to the phone. Thus, you can quickly respond if someone tries to hack you.
Hello again everyone. Agree, the most important thing while working on the Internet is security. She needs to give Special attention. When registering for an important site, you should create strong password or use . Since the more complex the combination of letters and numbers, the more difficult it will be for attackers to crack it. However, there are times when hackers manage to gain access to your account, for example, to your personal mail. This is very sad: important information it may end up in unkind hands and it may be used against you, correspondence with your partners may be completely deleted, etc. In a word, your account must be protected like the apple of an eye.
To improve security, many services offer two-factor authentication. Today we will look at what it is using Yandex mail as an example.
When this feature is enabled, an attacker, even if he chooses your main password correctly, will not be able to get into your mailbox. Since this would require a random one-time password, which generates special application on your smartphone or tablet. Now we will try to describe in detail how to enable two-factor authentication in Yandex. In the future, a similar review will be Google mail and Mail.ru.
So, to connect this function, we need a smartphone or tablet. We go to our mailbox Yandex mail. If you don't already have one, create it. How? Read in .
After we have logged into the account, click on your account and select the item " Account Management»
Yandex passport will open with all sorts of settings. In the block " Access control"go to the link" Set up two-factor authentication»
Now we have to go through 4 steps.
1 step. Verify your phone number.
Your account after enabling new feature will be linked to your phone number. Therefore, indicate the number to which you have Free access. After that, click on the button " to get the code»
After a couple of seconds, an SMS message will come, where the code that we enter in the field will be indicated ...
... and press " Confirm»
Step 2. Pin code.
In order for the application to be able to generate a one-time password, you need to enter a pin code, the one that we will now indicate. Attention!!! Remember this code and do not share it with anyone. Even if your phone is stolen, without knowing your pin code, attackers will not be able to use this application.
Enter the PIN code, then repeat. To open the symbols, click on the eye. This way you can make sure you typed everything correctly. And press " Create».
Step 3. Yandex Key mobile application.
At this stage, we need to install the very application that will create one-time passwords. We press the button " Get link to phone».
Let's go over it. Phone on Android based will automatically open Google service Play with a suggestion to install the Yandex Key application. We install it.
Open Yandex Key. After a few introductory pages, you will be prompted to scan a QR code. The app will ask for permission to access your camera. We agree. Next, point the camera at the monitor screen so that the square with the QR code hits the camera lens. The app will automatically scan and add your account. If the scan fails, you can keep the secret key. To view it, click on the link Show private key» under the QR code. In the application, also select the method for entering the secret key.
Now let's move on to the next step.
Step 4. Entering a one-time password from Yandex key.
We launch our application on our gadget. Now you will need to enter your pin code. And after that you will see the same random one-time password.
The password is updated every 30 seconds. Therefore, have time to enter it in the field before the update and click the " Turn on».
That's it, we have enabled two-factor authentication for our Yandex.
Let's check how it works. Sign out of the current account.
Now you can log into your account in 2 ways. 1) enter your login (or address Email Yandex) and then we enter NOT the password that we previously used, permanent, but the ONE that we receive in the Yandex mobile application key after entering the pin code. And press the Login button. Second way means logging in with QR code. Click on the icon in the form of a qr-code (to the right of the Login button).
Then we get to this page
We follow the instructions: we launch the Yandex Key, enter our pin code and then select " Login with QR code»
Then we point the camera of the tablet or phone at the QR code. The application scans the code and we get access to our mail.
How to disable two-factor authentication in Yandex
If for some reason you decide to disable two-factor authentication, then this can be done quickly and easily. We enter your mailbox, go to Account Management (where and how to do this, see at the beginning of this article) and turn off this feature.
On next step we need to enter a one-time password from the Yandex Key application
Enter it and confirm.
We create New Password(this time constant), repeat it and save.
That's it, now our two-factor authentication is disabled. The permanent password created in the previous step will be used to log in.
So, today we looked at how to make our Yandex mail account more secure by connecting two-factor authentication to it. Are you using this feature? Share in the comments.
And that's all for today. See you soon!
Every person should have a dream. A dream is what drives a person. When you are small, you dream of growing up. The dream must first become a goal. Then you must achieve your goal. And you should have a new dream!
You can enable two-factor authentication in . You will need the Yandex.Key application, which can be installed on mobile device based on iOS or Android. A device that does not support app installation (such as Amazon Kindle Fire) cannot be used.
After you enable two-factor authentication:
All Yandex applications, programs and services will require a one-time password. You will also need a one-time password when logging in using a social network and logging into your Mail for Domains box.
You don't have to enter your login and password if you log in to Yandex using a QR code.
For third parties mobile applications, computer programs and mail collectors will need to use individual application passwords.
Note. To transfer your account to another smartphone or tablet, open the page and click the button Device replacement.
The setup takes several steps. Two-factor authentication is enabled only after you click the button Finish setup on last step.
- Step 2: Create a PIN
- Step 3. Set up Yandex.Key
Step 1: Verify your phone number
If a phone number is linked to your account, the browser will show this number and ask you to confirm or change it. If your current phone number is not linked to your account, you will need to link it, otherwise you will not be able to restore access to your account yourself.
To link or verify a number, request a code via SMS and enter it into the form. If the code is entered correctly, click the Confirm button to proceed to the next step.
Step 2: Create a PIN
Think up and enter a four-digit pin code for two-factor authentication.
Attention. As with many bank cards, only you know the pin code and you cannot change it. If you forget your PIN code, Yandex.Key will not be able to generate the correct one-time password, and you will only be able to restore access to your account with the help of the support service.
Click the Create button to confirm the entered PIN.
Step 3. Set up Yandex.Key
Yandex.Key is required to generate one-time passwords for your account. You can get a link to the app directly on your phone or install it from the App Store or Google Play.
Note. Yandex.Key can request access to the camera to recognize QR codes when adding accounts or when authorizing using a QR code.
Click the button in Yandex.Key Add an account to the app. Yandex.Key will turn on the camera to scan the QR code displayed in the browser.
If you cannot read the QR code, click the link in your browser Show private key, and in the application - a link or add it manually. In place of the QR code, the browser will display a sequence of characters that must be entered in the application.
After recognizing the account, the application will ask for the pin code that you created in the previous 2FA setup step.
Step 4. Check the one-time password
To make sure everything is set up correctly, you need to enter a one-time password in the last step - two-factor authentication will only turn on when you enter the correct password.
To do this, you need to correctly enter the pin code that you created in the second step in Yandex.Key. The application will show a one-time password. Enter it next to the Enable button and click this button.
Attention. Applications developed in Yandex require a one-time password - even correctly created application passwords will not work.
- Login with QR code
- Transfer of Yandex.Key
- Master password
Login to a Yandex service or application
You can enter a one-time password in any Yandex authorization form or applications developed by Yandex.
Note.
The one-time password must be entered in time while it is displayed in the application. If there is too little time left before the update, just wait for the new password.
To get a one-time password, launch Yandex.Key and enter the pin code that you set when setting up two-factor authentication. The application will start generating passwords every 30 seconds.
Yandex.Key does not check the PIN you entered and generates one-time passwords, even if you entered your PIN incorrectly. In this case, the created passwords also turn out to be incorrect and you will not be able to log in with them. To enter the correct pin code, just exit the application and start it again.
Features of one-time passwords:
Login with QR code
Some services (eg. main page Yandex, Passport and Mail) allow you to enter Yandex by simply pointing the camera at the QR code. At the same time, your mobile device must be connected to the Internet so that Yandex.Key can contact the authorization server.
Click on the QR code icon in the browser.
If there is no such icon in the login form, then this service You can only log in with a password. In this case, you can authorize using the QR code in the Passport, and then go to the right service.
Enter the pin code in Yandex.Key and click Login using QR code.
Point your device's camera at the QR code displayed in the browser.
Yandex.Key recognizes the QR code and sends your login and one-time password to Yandex.Passport. If they pass the test, you will automatically log in to your browser. If the transmitted password turns out to be incorrect (for example, because you entered your PIN incorrectly in Yandex.Key), the browser will display a standard message about an incorrect password.
Signing in with a Yandex account to a third-party application or website
Applications or sites that need access to your Yandex data sometimes require you to enter a password to sign in to your account. In such cases, one-time passwords will not work - a separate application password must be created for each such application.
Attention. Only one-time passwords work in Yandex applications and services. Even if you create an application password, for example, for Yandex.Disk, you won't be able to log in with it.
Transfer of Yandex.Key
You can transfer the generation of one-time passwords to another device, or set up Yandex.Key on several devices at the same time. To do this, open the Access control page and click the button Device replacement.
Several accounts in Yandex.Key
The same Yandex.Key can be used for multiple accounts with one-time passwords. To add another account to the app, when setting up one-time passwords in step 3, tap the icon in the app. In addition, you can add password generation to Yandex.Key for other services that support such two-factor authentication. Instructions for the most popular services are provided on the page about creating non-Yandex verification codes.
To unlink an account to Yandex.Key, tap and hold the corresponding portrait in the app until a cross appears to the right of it. When you click on the cross, the linking of your account to Yandex.Key will be removed.
Attention. If you delete an account that has one-time passwords enabled, you won't be able to get a one-time password to log in to Yandex. In this case, it will be necessary to restore access.
Fingerprint instead of PIN
A fingerprint instead of a pin code can be used on following devices:
smartphones under Android control 6.0 and a fingerprint scanner;
iPhone starting from model 5s;
iPad starting from Air models 2.
Note.
On iOS smartphones and tablets, the fingerprint can be bypassed by entering the device passcode. To protect against this, turn on the master password or change the password to a more complex one: open the Settings app and select Touch ID and password .
To use enable fingerprint verification:
Master password
To further protect your one-time passwords, create a master password: → Master password .
With a master password, you can:
make sure that instead of a fingerprint, you can only enter the Yandex.Key master password, and not the device lock code;
Backup copy of Yandex.Key data
You can back up the Key data on the Yandex server so that you can restore it if you lose your phone or tablet with the application. The data of all accounts added to the Key at the time the copy was created are copied to the server. More than one backup cannot be created, each subsequent copy of the data for certain number phone replaces the previous one.
To get data from a backup, you need to:
have access to the phone number that you specified when creating it;
remember the password you set to encrypt the backup.
Attention. The backup contains only the logins and secrets needed to generate one-time passwords. The pin code that you set when you enabled one-time passwords on Yandex must be remembered.
It is not yet possible to delete a backup copy from the Yandex server. It will be deleted automatically if you do not use it within a year after creation.
Create a backup
Select an item Create a backup in the application settings.
Enter the phone number to which the backup will be linked (for example, "380123456789") and click Next.
Yandex will send a confirmation code to the entered phone number. Once you receive the code, enter it in the app.
Create a password to encrypt the backup of your data. This password cannot be recovered, so make sure you don't forget or lose it.
Enter your password twice and click the Done button. Yandex.Key will encrypt the backup, send it to the Yandex server, and notify you about it.
Restoring from a backup
Enter the password you set when creating the backup. If you do not remember it, unfortunately, it will be impossible to decrypt the backup.
Yandex.Key will decrypt the backup data and notify you that the data has been restored.
How one-time passwords depend on the exact time
When generating one-time passwords, Yandex.Key takes into account current time and time zone set on the device. When an internet connection is available, the Key also requests exact time from the server: if the time is set incorrectly on the device, the application will correct for this. But in some situations, even after the amendment and with the correct pin code, the one-time password will be incorrect.
If you are sure that you are entering the PIN code and password correctly, but you cannot log in.
