Two-step authentication (also known as two-factor, 2FA, multi-factor authentication, or MFA) adds security to your account because it requires two things:
- Something you know (your password)
- Something you have (your mobile phone)
If your password was stolen, it wouldn't be of any use without your phone. And the same if your phone is stolen.
Particle two-step authentication uses an Authenticator app on your mobile phone. You can use any compatible Authenticator app, but two we recommend are:
You only need to install one of them.
You will be asked if you want to enable two-step authentication when you log in:
If you decline, and decide you want to enable it later, go to the enrollment page.
You only need to scan the barcode once. It associates your Particle account and your phone.
If you lose your phone or it's damaged, you can use recovery codes. You should save the list of recovery codes in a safe place. Each recovery code can only be used once.
You will be given the option to either download a file containing recovery codes, print a physical copy of the recovery codes, or copy them to your clipboard during the two-step authentication enrollment.
Open the Authenticator mobile app you installed earlier. A 6-digit login code is displayed that you enter into this page. Each code is only valid for a short period of time.
The Particle CLI also allows two-step authentication:
$ particle login ? Please enter your email address firstname.lastname@example.org ? Please enter your password [hidden] Use your authenticator app on your mobile device to get a login code. Lost access to your phone? Visit https://login.particle.io/account-info ? Please enter a login code 058421 > Successfully completed login!
Two-step authentication is also supported from the iOS and Android Particle mobile apps.
Note that the Particle mobile apps for iOS and Android will be deprecated in the future.
If you lose or are otherwise unable to use your phone, you will need to use the recovery codes you received when you signed up for two-step authentication.
After using a recovery code, we recommend disabling two-step authentication if you have permanently lost access to your mobile phone.
You will only be able to enter a recovery code when using login.particle.io (not in any other interface like the CLI or mobile apps).
If you lose your recovery codes (but still have your phone) you can find the remaining recovery codes in your account info page.
You will lose access to your account permanently if you lose both your phone and recovery codes. We cannot disable two-step authentication from support for security reasons.
If you need to share an account among multiple users, we do not recommend enabling two-step authentication as it would require a shared mobile device, as well.
You can disable two-step authentication using the account info page.
To change the mobile device you use for generating login codes, simply disable two-step authentication from the account info page and then enable it again. You will be able to scan the code on your new device.
It's not possible to authenticate with two different mobile devices for a single account.