Two-step authentication
Two-step authentication (also known as two-factor, 2FA, multi-factor authentication, or MFA) adds security to your account because it requires two things:
- Something you know (your password)
- Something you have (your mobile phone)
If your password was stolen, it wouldn't be of any use without your phone. And the same if your phone is stolen.
Setup
Installing an authenticator app
Particle two-step authentication uses an Authenticator app on your mobile phone. You can use any compatible Authenticator app, but two we recommend are:
You only need to install one of them.
Enable two-step authentication on your account
You will be asked if you want to enable two-step authentication when you log in:
If you decline, and decide you want to enable it later, go to the enrollment page.
Scan the barcode
You only need to scan the barcode once. It associates your Particle account and your phone.
Save your recovery codes
If you lose your phone or it's damaged, you can use recovery codes. You should save the list of recovery codes in a safe place. Each recovery code can only be used once.
You will be given the option to either download a file containing recovery codes, print a physical copy of the recovery codes, or copy them to your clipboard during the two-step authentication enrollment.
Using two-step authentication
From the web
When logging into sites like the Particle Console or Web IDE after entering your username and password, you'll be prompted for your login code.
Open the Authenticator mobile app you installed earlier. A 6-digit login code is displayed that you enter into this page. Each code is only valid for a short period of time.
From the Particle command line interface (CLI)
The Particle CLI also allows two-step authentication:
$ particle login
? Please enter your email address user@company.com
? Please enter your password [hidden]
Use your authenticator app on your mobile device to get a login code.
Lost access to your phone? Visit https://login.particle.io/account-info
? Please enter a login code 058421
> Successfully completed login!
From the Particle cloud API
- You can use the Javascript API to log in using two-step authentication and manage settings.
From the mobile apps
Two-step authentication is also supported from the iOS and Android Particle mobile apps.
Note that the Particle mobile apps for iOS and Android will be deprecated in the future.
Other topics
Lost phone
If you lose or are otherwise unable to use your phone, you will need to use the recovery codes you received when you signed up for two-step authentication.
After using a recovery code, we recommend disabling two-step authentication if you have permanently lost access to your mobile phone.
You will only be able to enter a recovery code when using login.particle.io (not in any other interface like the CLI or mobile apps).
Lost recovery codes
If you lose your recovery codes (but still have your phone) you can find the remaining recovery codes in your account info page.
You will lose access to your account permanently if you lose both your phone and recovery codes. We cannot disable two-step authentication from support for security reasons.
Shared accounts
If you need to share an account among multiple users, we do not recommend enabling two-step authentication as it would require a shared mobile device, as well.
Disable two-step authentication
You can disable two-step authentication using the account info page.
Change to a different mobile device
To change the mobile device you use for generating login codes, simply disable two-step authentication from the account info page and then enable it again. You will be able to scan the code on your new device.
It's not possible to authenticate with two different mobile devices for a single account.