This post is part of a series on the top 10 things I look at when securing my home Linux installations. You can find the other posts here.
Tips 1 through to 5 generally apply system-wide – that is, they are system configuration choices you will make. Tips 6 through to 10 are more per-user choices. This distinction won’t make much difference in a home environment where each device is dedicated to a single user. It will begin to be apparent in an environment where more than one user users a device.
Use multi-factor authentication (MFA)
Multi-factor authentication, or MFA, is designed to prove you are who you say you are. A service using MFA for authentication will require you to provide at least two factors in order to login. For example,
- something you know (eg, a username-password comb), and
- something you have (an access code on a separate device or a token)
Two-Factor Authentication (or 2FA) is MFA that requires exactly two factors to be provided for authentication.
Multi-factor authentication is not the perfect solution to security woes. There are tales of hackers working around it. However a malicious actor will have to work harder to bypass MFA rather than a single username-password combination.
Most major vendors use some form of MFA in their application. For instance you can set up your Facebook account to use an authentication app.
Examples of authentication apps are:
- FreeOTP – open source, sponsorted and published by Red Hat
- Twilio Authy app – free, but closed source, though Twilio does sponsor some open source projects. Twilio state that the app is free because it is paid for by businesses using the Authy API.
- Google Authenticator app – free, but closed source (latter since 2013). It’s part of Google’s two-step verification option.
Major vendors like Apple, Google and Amazon may use another kind of MFA called a One Time Passcode (OTP) when users login – by sending a code via text message, email, or out to a registered device. You will then need to enter that code in order to proceed with login.
Recap of my top 10 tips for securing Linux @home
Update: My remaining posts this week are on women in tech. I will be back another week with thoughts on Tip # 7 – Threat-detection. Meanwhile, like or comment to let me know what you thought of this tip!
A glossary of terms is available here.
Once again, ensure you’re familiar with the disclaimer here!