We are happy to announce the availability of Two-Factor Authentication (2FA) on Derpibooru! For those who don’t know, 2FA is an excellent way to help secure your account against someone trying to access it without your permission.
Two-factor authentication works on the basis of generating a time-based, one-time-use six-digit code (known as a “one-time password” or “OTP”), which is submitted alongside your password when logging in. That way, if your password is ever compromised (such as someone guessing it or you using the same password on another site that got hacked), an attacker would still not be able to access your account without your OTP.
To use two-factor authentication and generate one-time passwords, you will need to install an authenticator app on your smartphone, such as Google Authenticator for Android and iOS. Then go to your account page, and you will see a QR code. Scan that using your authenticator app, enter the “response” number it provides to confirm it is set up correctly, and click “save”. Your account will then be enabled for 2FA, and you will be given a list of “backup codes”, which are not time-based, so that you can still log in to the site if your authenticator app is unavailable.
It is very important to keep those backup codes in a safe place, because if your authenticator app ever becomes unavailable (such as if you lose your phone), you will not be able to log in to your account and/or disable 2FA without them.
After two-factor authentication is set up on your account, every time you log in, you will be prompted to enter your one-time password. Simply open your authenticator app and enter the six-digit code your app generates, and it will log you in. And if you ever need to, you can disable it via your account page. If you do not have access to your authenticator app, you can use one of the backup codes you were provided.
Note that if you enable two-factor authentication on your account, and then lose access to both your authenticator app and your backup codes (or if you don’t save your backup codes), we will not likely be able to help you regain access to your account. So please, be very certain to keep your backup codes in a safe place (or two safe places) if you use this feature.
This is an optional feature; you do not need to enable two-factor authentication on your account if you do not wish to. Additionally, once it’s enabled, you can disable it by going back to your account settings and entering an OTP or backup code.
I would like to give a huge thank you to both DJDavid98 and MrMeow for implementing this feature on the site, as well as byte[] for testing and bug fixing.
Cheers!
Joey
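How a server can check the time-based six-digit code and the backup-code fallback described in this announcement, as an added example that is not Derpibooru's code. It assumes the RFC 6238 defaults that authenticator apps use (HMAC-SHA-1, 30-second step); the `SecondFactor` class, its fields and the sample secret are hypothetical.

```python
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds per code (assumed authenticator-app default)
DIGITS = 6     # the six-digit code the announcement mentions


def totp(secret: bytes, at: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SecondFactor:
    """Hypothetical per-account state: shared secret, backup codes, replay guard."""

    def __init__(self, secret: bytes, backup_codes):
        self.secret = secret
        self.backup_codes = set(backup_codes)
        self.last_step = -1                       # newest time step already accepted

    def verify(self, submitted: str, now=None) -> bool:
        now = time.time() if now is None else now
        given = submitted.strip().encode()
        current = int(now) // STEP
        for step in (current - 1, current, current + 1):    # tolerate clock drift
            if step <= self.last_step:
                continue                          # already used: codes are one-time
            expected = totp(self.secret, step * STEP).encode()
            if hmac.compare_digest(expected, given):         # constant-time compare
                self.last_step = step
                return True
        for code in self.backup_codes:            # not time-based; each works once
            if hmac.compare_digest(code.encode(), given):
                self.backup_codes.discard(code)
                return True
        return False
```

Recording the last accepted time step is what makes a code one-time-use: without it, the same six digits would be accepted again for as long as the drift window stays open.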