Secret Double Octopus Wins Another InfoSec Award for Passwordless Authentication. Click to Read More
Read about how Standard Chartered Bank standardized on SDO

What you need to know on two-factor authentication for your Linux machine

Access Management and MFA

What you need to know on two-factor authentication for your Linux machine

Read more
Oct 24, 2017

If you’re running any form of business, there’s a likely chance that you’re using a flavor of the Linux operating system in one way or another. Linux runs on millions of servers, personal computers and IoT devices, and for the most part, these devices are configured to be accessed and administered remotely. In organizations, Linux servers are tasked with running critical functions and storing sensitive information, which means protecting them from unauthorized access is of paramount importance.

But in most cases, devices running the Linux operating system are protected with nothing more than a username and password. And as it’s becoming increasingly evident, in the age of low-cost supercomputing and ubiquitous connectivity, passwords aren’t enough to protect your computer and devices from unwanted access.

With the right tools, a little patience, and an internet connection, hackers will be able to break into your organization’s Linux machines either by running brute-force and dictionary attacks or by staging phishing scams and stealing your password. And from there, anything can happen.

One of the best ways to prevent uninvited parties from accessing your Linux machines is to enable two-factor authentication (2FA). 2FA adds a layer of security to your Linux by requiring users to present an additional token aside from passwords when trying to login. This will prevent attackers from accessing a machine by stealing or cracking a password.

What are the 2FA options for Linux?

Some of the more popular Two Factor Authentication (2FA) mechanisms are physical keys and one-time passwords (OTP) sent via a phone number or a mobile app. Linux currently supports the Google Authenticator, a mobile application that provides you with OTPs during the login process.

When activating support for the Google Authenticator app on Linux, users are given a secret code that they use to link their phone to their account. Afterwards, when logging in or entering a sudo command, the user will be prompted for their password and a one-time password that appears on the associated phone. OTPs expire after a certain amount of time passes and after they’ve been used.

This 2FA method helps improve user account security on Linux user accounts and makes it considerably harder for cybercriminals to gain unwanted access to a Linux machine. However, it has some distinct drawbacks. First, it requires users to enter two passwords, which most users find annoying. The process can also be tedious when you want quick access to your account. Second, the 2FA mechanism relies on a single channel to generate its OTP, which makes it prone to hacks. Should the passcode be intercepted or cloned, or if the secret code is discovered and installed on a second phone, a malicious user will be able to access the Linux account.

Secret Double Octopus two-factor authentication for Linux

In contrast to traditional OTP-based solutions, Octopus authenticator option is both frictionless and more secure. The Secret Double Octopus solution provides users with a mobile app that gives push notifications for login attempts.

When Secret Double Octopus is activated on a Linux account, all the user needs to do is accept or reject the request with a tap on the associated mobile device. There’s no need to type a second password on the terminal.

Moreover, Secret Double Octopus uses a multichannel security mechanism to increase the security of the two-factor authentication. Requests codes are generated based on several different channels and sent to the phone, making them much harder to intercept or reproduce. This makes cloning and man-in-the-middle attacks virtually impossible.

Learn More About Passwordless Authentication for Linux