Two-factor authentication is a security mechanism that requires users to pass two layers of security before they can access an account. Generally, one layer is the username and password, and the other is a passcode that may be static or generated at the time of authentication.

Most attacks may be avoided if users set a strong password and enable two-factor authentication. This blog guides you through enabling two-factor authentication on Linux-based distributions in 5 easy steps.

Step 1: Open Terminal

Log in to a Linux system and open a terminal.

Step 2: Install Google Authenticator

sudo apt install libpam-google-authenticator

Step 3: Configuration

Open a terminal and run the command below:

sudo nano /etc/pam.d/common-auth 

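Add the line below to the file and save it. The nullok option lets users who have not yet set up Google Authenticator (no ~/.google_authenticator file) log in with only their password; remove it once every account is enrolled if the second factor should be mandatory.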

auth required pam_google_authenticator.so nullok

Step 3: Install Google Authenticator on your smartphone

Now, take your smartphone and install Google Authenticator on your device.

Step 4: Setup Google Authenticator

Open a terminal and type the command below:

google-authenticator

Now scan the QR code with your mobile device using the Google Authenticator app to add an account. After it is added successfully, the Linux account appears in the app and a 6-digit dynamic code is displayed on the screen. This code changes every 30 seconds.

Answer the following questions while setting up Google Authenticator.

Do you want me to update your "/home/kali/.google_authenticator" file? (y/n) y

By default, three tokens are valid at any one time. This accounts for
generated-but-not-used tokens and failed login attempts. In order to
decrease the likelihood of synchronization problems, this window can be
increased from its default size of 3 to 17. Do you want to do so? (y/n)
y

If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting? (y/n)
y
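
The window question above decides how many 30-second codes the server accepts at any one time. The Python sketch below is an added example, not part of the original post or of the google-authenticator source; it implements RFC 6238 TOTP, assumes the window is centred on the current time step, and uses the RFC's published test key as a constructed secret.

```python
# Added example: RFC 6238 TOTP check with an acceptance window.
import base64, hashlib, hmac, struct

STEP = 30  # seconds per code, as stated in the tutorial

def totp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226) value for one time-step counter, HMAC-SHA1."""
    key = base64.b32decode(secret_b32.upper())
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32: str, code: str, now: int, window: int = 3):
    """Return the step offset of the matching code, or None.

    Assumption: the window is centred on the current step, so a window
    of 3 covers offsets -1..+1 and a window of 17 covers -8..+8.
    """
    current = now // STEP
    for off in range(-((window - 1) // 2), window // 2 + 1):
        if hmac.compare_digest(totp(secret_b32, current + off), code):
            return off
    return None

def max_skew_seconds(window: int) -> int:
    """Seconds of past time steps whose codes are still accepted."""
    return ((window - 1) // 2) * STEP

# Constructed sample secret: the RFC 6238 test key "12345678901234567890".
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = 1111111109
    stale = totp(SECRET, now // STEP - 5)        # code from 150 s earlier
    print("current code:", totp(SECRET, now // STEP))
    print("stale code, window 3 :", verify(SECRET, stale, now, 3))
    print("stale code, window 17:", verify(SECRET, stale, now, 17))
```

With a window of 17, a code that is several minutes old is still accepted, so answer y to that question only when clock drift between the phone and the server is a real problem.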

Step 5: Check whether two-factor authentication is enabled successfully or not

Log out from your current account. Now enter your username and password.

After entering the password, enter the code shown in the Google Authenticator app.

If you are able to log in successfully, two-factor authentication is configured correctly.

Conclusion

This blog guided you through enabling two-factor authentication on your Linux distribution by using the Google Authenticator app. You can also use another authenticator app to configure two-factor authentication. There are many options for adding an extra layer of security; using an authenticator app is one of them. We will also explore other possibilities that can be used as a second layer of authentication.