Two-factor authentication (2FA), also known as multi-factor authentication (MFA), is an extra layer of security used when logging into websites or applications. With 2FA, you log in with your email address and password and provide another form of authentication to which only you know or have access.
The second form of authentication is a code that's generated by an application on your mobile device or sent as a text message (SMS). The only way to sign into your account is to know both your password and have access to authentication on your phone.
We strongly urge you to enable 2FA for the safety of your account, not only on remote.it, but on other websites and apps that support 2FA. You can enable 2FA to access remote.it on the web portal, desktop and mobile apps. The CLI does not support 2FA so you will need to generate and use an access key and secret and use them for authentication when 2FA is enabled on your account.
If you are using Google Sign In for you account, you can configure your google account for 2FA separately which will affect all of the apps which you use with your google account, not just remote.it. Learn more here.
Configuring 2FA
You can configure 2FA in the account section of the remote.it web portal. We strongly recommend using a time-based one-time password (TOTP) application to configure MFA. TOTP applications are more reliable than SMS, especially for locations outside the United States.
Configuration using a TOTP Application
A time-based one-time password (TOTP) application automatically generates an authentication code that changes after a certain period of time. We recommend using cloud-based TOTP apps such as:
- Google Authenticator
- 1Password
- Authy
- LastPass Authenticator
- Microsoft Authenticator
- OTP Auth (iPhone)
Tip: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time. If 2FA is already enabled and you want to add another device, you must re-configure 2FA.
-
Download and set up a TOTP app
-
Go to the account page in the web portal
-
Under the heading "Two-factor Authentication", click "Turn On"
-
Select "Authenticator App", then click "Next"
-
Scan the generated QR code with your TOTP app which will generate a TOTP code
-
Enter the code in the provided field and submit
-
Important! Save the generated recovery code
Configuring 2FA using text messages (SMS)
Before using this method, be sure that you can receive text messages and your country can support it. Carrier rates may apply. The SMS text message authorization code is valid for 3 minutes.
-
Go to the account page in the web portal
-
Under the heading "Two-factor Authentication", click "Turn On"
-
Select "SMS Number", then click "Next"
- Enter your mobile number and submit
- You should receive a text message with a verification code. Enter the code in the provided field and submit
- Important! Save the generated recovery code
Access remote.it with 2FA
With 2FA enabled, you'll need to provide an authentication code when accessing remote.it through your browser, desktop and mobile apps. If you access remote.it using other methods, such as the API or the CLI, you'll need to use an access key and secret.
Regardless of using a TOTP App or SMS as your 2FA method, after entering your email and password, you will be prompted to enter your code. If using a TOTP App, open the TOTP App and enter the code for remote.it. If using SMS, you will receive a text message with your code which you will then enter to get access to the web portal, desktop or mobile app.
If using the CLI with 2FA enabled, refer to https://link.remote.it/docs/cli/credential-auth
If using the API, use the access key and secret authentication method.
Generate an access key and secret
2FA recovery code
When you configure 2FA, you'll download and save your 2FA recovery code. If you lose access to your phone, you can authenticate to remote.it using your recovery code.
Warning: For security reasons, remote.it support may not be able to restore access to accounts with 2FA enabled.
After entering your email address and password, you can click the "Can't access two-factor device" link to start the recovery process with your saved recovery code.
Google Sign In
remote.it offers two-factor authorization via direct support for Google authorization in:
- The web portal at https://app.remote.it
- remote.it mobile apps
- The remote.it Desktop application
If you already have a Google/gmail account, you can use this to create and subsequently access a remote.it account. If you do not currently have a Google account, but you have already created a remote.it account, register your existing e-mail account with Google by following instructions to "Use an existing email address" here: https://support.google.com/accounts/answer/27441?hl=en
For sign in at the web portal, desktop application, web admin panel (e.g. on Pi), or mobile apps using Google auth, two-factor rules will be applied by Google in accordance with your Google account settings. See: https://support.google.com/accounts/answer/185839?hl=en