Two-factor authentication

[Update: January 26, 2017]

When logging into the control panel, in addition to normal password authentication, it is possible to set up two-factor authentication that enhances security by using multiple authentication routes. This page outlines what you need to use and configure two-factor authentication.

1. Overview

When Two-factor authentication is set, a user must enter a one-time password in addition to the regular member ID (cloud user name) and password to log into the control panel.

As a result, the risk of passwords being leaked to third parties or the risk of unauthorized login in the event of a dictionary or brute force password attack is reduced.

Security at the time of member ID login

A user logged in by member ID is assigned the role of the administrator of SAKURA Cloud users, with a higher level of authorization. As such, we recommend setting Two-factor authentication for the member menu, regardless of whether or not it is used in the SAKURA Cloud control panel.

*Effective January 28, 2016, Two-factor authentication is available for login to the Member menu that is common to our services (with registration of Two-factor authentication for login using a member ID available only in SAKURA Cloud discontinued). When logging in with your SAKURA Cloud member ID, follow the instructions given after Member menu login for Two-factor authentication.

2. TOTP authentication application preparation

The two-step authentication function of SAKURA Cloud Control Panel uses the Time-based One-Time Password algorithm (TOTP) method to implement one-time password authentication, displaying the generated authentication key with a QR code. To use two-factor authentication, you need a device that has a TOTP authentication application with QR code reading installed.

Our company has confirmed the performance of the following as TOTP authentication applications intended for general smartphones, which run on iOS and Android.

3. Enable Two-factor authentication

If the SAKURA Cloud control panel or Object Storage is displayed, click the user or account name at the top right and select Return to Home from the pop-up menu to return to the Home screen.

Click the “Two-step verification” link at the top of the default home screen you are directed to after login.

*Two-factor authentication settings are applied to the currently logged-in user displayed at the top right of the screen. To set for another user, select Log Out on the right side of the user name, and then log in again as a new user.

The Two-factor authentication management screen will appear, on which the activation status of Two-factor authentication and list of trusted devices will be displayed. Initially, Two-factor authentication will be disabled. Select Enable to enable Two-factor authentication.

*Clicking this button when Two-factor authentication has already been set re-enables Two-factor authentication; the current authentication key, the trusted devices that have been registered, and the issued recovery code are discarded completely.

A confirmation screen will appear. Confirm your device has the TOTP authentication application installed and select Enable.

An authentication key QR code will be displayed. Scan it using your TOTP authentication application.

*By clicking the Abort button, the generated authentication key will be discarded and the Two-factor authentication setting process will be aborted.

After reading is complete, click the Re-login and Confirm button to display the Two-factor authentication Login screen. Enter the number generated by the TOTP authentication application in the One-time Password input field, and then click Enable.

*Please note the one-time password expiration period of 30 sec.

With the previous steps complete, Two-factor authentication is enabled and this user will be required to enter a one-time password for future logins.
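As an added illustration (not SAKURA's code), the following example shows how a TOTP application derives the one-time password from the authentication key and why it changes every 30 seconds. HMAC-SHA1, 6 digits and the one-step drift window in `verify` are RFC 6238 conventions assumed here, not details stated on this page; the key is a constructed sample taken from the RFC test vectors.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds; matches the 30 sec expiration noted above
DIGITS = 6   # assumption: RFC 6238 default, not stated on this page


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Return the RFC 6238 code for the time step containing unix_time."""
    # Authenticator apps carry the key as Base32; restore padding before decoding.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = unix_time // step                      # same value for 30 seconds
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, drift_steps=1):
    """Assumed server-side check: accept the current step +/- drift_steps only."""
    for d in range(-drift_steps, drift_steps + 1):
        t = unix_time + d * STEP
        # compare_digest avoids leaking how many digits matched via timing
        if t >= 0 and hmac.compare_digest(totp(secret_b32, t), submitted):
            return True
    return False


# Constructed sample key: the RFC 6238 test secret "12345678901234567890" in Base32.
SAMPLE_KEY = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    for t in (30, 59, 60, 89, 90):
        print(t, totp(SAMPLE_KEY, t))   # code changes at each 30 s boundary
    # A code generated at t=59 is rejected once it is more than one step old.
    print(verify(SAMPLE_KEY, totp(SAMPLE_KEY, 59), 120))
```

A code from an earlier time step fails verification once it falls outside the accepted window, which is why the password must be entered promptly and why the device clock needs to be accurate.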

4. Register/delete trusted device

By selecting Add This Device as a Trusted Device after Two-factor authentication login, a Device Name input field will appear.

After entering an easily understandable name in the Device Name section and selecting Enable, your currently logged-in device (e.g., computer, tablet, etc.) will be registered as a trusted device, and future authentication by Two-factor authentication will be omitted. (When logging in, use the browser that performed the registration.)

Each device registered as a trusted device is added to the Trusted Device list on the Two-factor authentication management window.

To remove a device from the Trusted Device list, click the “x” button on the right side of the list. You will be required to enter your one-time password the next time you log in with a removed device.

*If you enter the wrong password for your member ID or user on a trusted device, it will be automatically deleted from the Trusted Device list and you will be required to enter a one-time password.

*Only the previously logged-in member ID for each browser can be registered as a trusted browser. Logging in under another member ID with a registered trusted browser will automatically delete the previous member ID/trusted browser registration.

5. Recovery code generation

Entering a recovery code will override Two-factor authentication. We recommend generating a recovery code in case one-time passwords cannot be generated for any reason (e.g., loss of the TOTP authentication application).

To generate a recovery code, click Generate Recovery Code at the top. Only one recovery code is valid at a time, so when a new recovery code is generated, the previous one will be disabled. (Recovery code generation can be checked by referring to the Recovery Code in the status section.)

When the confirmation screen appears, click Generate.

A 40-digit recovery code will be displayed. Print it and store it in a safe place. Please note that once the dialog box is closed, it cannot be reopened.

To use a recovery code, click Enter Your Recovery Code on the one-time password login screen.

Enter the recovery code, then click Recover.

Two-factor authentication will be disabled and you can log in to the control panel.

6. Disable Two-factor authentication

Click Disable in order to disable Two-factor authentication.

Two-factor authentication settings will be disabled for the user who is logging in.

7. User management function for member ID login

By logging in to the control panel using a member ID and password, you will be able to use the Two-factor authentication management function for created users.

On the User List screen displayed by clicking User at the top of the Home screen, a column has been added enabling confirmation of 2-step authentication settings status for each user.

On the Individual User Settings screen that is displayed by double-clicking a user, you can disable Two-factor authentication and delete all trusted devices.