Secure Your Site with Two-Factor Authentication
Set up two-factor authentication on your Pantheon Drupal or WordPress site as an added security measure.
This section provides information on how to use Two-factor authentication (TFA) to keep your sites secure.
TFA is a security practice that requires your website users to provide a secondary form of authentication in addition to their standard username and password.
The two most common methods of secondary authentication are:
-
SMS messaging
-
One-time code generated via an application on a user’s mobile phone
More advanced methods are also available, including:
-
Biometric information
-
Location through GPS
-
Hardware tokens
For more information, see Multi Factor Authentication in Drupal Watchdog and Two Step Authentication on WordPress.org.
Benefits of Two-Factor Authentication
Two-factor authentication is a helpful security practice because it prevents attackers from compromising accounts by requiring an extra authentication method beyond a username and password to log in. This is important because standard password access can be easy to bypass if the user:
-
Has a simple password that's easy to guess
-
Is observed typing in their password
-
Has used their password on another site that becomes compromised
By requiring a second form of authentication (especially one tied to a physical device like a mobile phone or a USB key), would-be attackers not only have to compromise a user’s password, but also their mobile phone or physical USB key, which makes the attack more difficult.
Single Site TFA
Organization TFA
Pantheon Platform TFA
Log in with Google
The Pantheon Dashboard offers social login with Google, which can be configured to use Google TFA:
We recommend adding an SSH Key to authenticate yourself on Pantheon for operations such as SFTP connections, which allows for more security than a simple password. If you've registered via social login (Connect with Google) and you'd still like to add a password to your account, logout and visit https://dashboard.pantheon.io/reset-password.
Single Sign-on for Orgs
Single sign-on (SSO) allows users to authenticate against your Identity Provider (IdP) when logging into the Pantheon Dashboard. For more information, see Single Sign-on for Pantheon Organizations.