Two-Factor Verification for Backblaze

August 3rd, 2015

Backblaze Two-Factor Authentication

Backblaze users can now activate and use two-factor verification on their Backblaze Online Backup account. When enabled, two-factor verification, known widely as two-factor authentication, requires that a person present both their account credentials and a verification code from a second device to gain access to their Backblaze account. This feature is available immediately to all Backblaze users and does not require an update to be used. Two-factor verification is off by default. To enable two-factor verification, the Backblaze account owner must log in to their Backblaze account and activate it from the “My Settings” menu.

A Quick Overview of Two-factor Verification (2FV)

Two-factor verification means a user has to supply two different factors to gain access to their account. It is based on the premise that an unauthorized user is unlikely to be able to supply both factors required for access. In the case of Backblaze, an unauthorized user would need to have both your Backblaze account login information and access to your phone before they could access your Backblaze account and the data therein.

By activating two-factor verification you are requiring yourself as the Backblaze account owner to have the second device, typically your phone, available when you log in to your Backblaze account. It is important to weigh the added security of two-factor verification against the possibility that you will not have the second device with you when you require access to your Backblaze account.

Below is an overview of how to activate and use two-factor verification. You can also visit our knowledge base for more information.

Activating Two-factor Verification

  1. Log in to your existing Backblaze account.
  2. Open the “My Settings” page as shown below:
  3. Two-Factor Verification Settings

  4. Click on the “Sign in Settings” link on the right hand side. If you already have a phone number set up for your account, please go to Step 4. If you do not have a phone number set up for your account you will see the following screen:
  5. Two-factor verification phone setup

    In the “Verify Phone Number” window, you’ll enter your phone number and then verify it is correct by having Backblaze send a verification code to the phone. That verification code is entered in this window. You can not turn on two-factor verification without successfully completing this step.

  6. Once you have a phone number set up for your account, you’ll see the screen below when you click on the “Sign in Settings” link:
  7. Two Factor Verification Sign In

  8. Choose the two-factor verification setting you desire and select “Update” to change the setting.
  9. The set-up/change of your two-factor verification setting is now complete.

Using Two-factor Verification

Let’s say you have selected the “Every time I sign in” option for your two-factor verification setting. Here’s what happens when you sign in to Backblaze:

  1. Click the sign-in button and enter your Backblaze account credentials.
  2. A unique text message is sent to the phone number on your account, as shown below:
  3. Two Factor Verification

  4. At the same time the “Two-Factor Verification” screen is presented, as shown below:
  5. Two Factor Verification Code Entry

  6. Enter the code from the text message you received into the “Two-Factor Verification” screen, then press “Enter Code”. You have 10 minutes to enter the code. If you do this correctly you will be logged in to your Backblaze account.

If you have questions or need assistance with the two-factor verification feature, please visit our knowledge base.

A Few Things to Know

  • You will be sent a unique verification code to use each time you receive a code.
  • You can not set your own verification code.
  • You can turn the two-factor verification on and off as desired once you are logged in.
  • Two-factor verification is completely compatible with the use of a Private Encryption Key.
Andy Klein

Andy Klein

Andy has 20+ years experience in technology marketing. He has shared his expertise in computer security and data backup at the Federal Trade Commission, Rootstech, RSA and over 100 other events. His current passion is to get everyone to back up their data before it's too late.
Andy Klein

Latest posts by Andy Klein (see all)

  • Gergoe

    Hey there, was searching for google authenticator or similar instead of sms, but no news since two years ago. Is it anywhere in the roadmap?

  • kvnhe

    I’m really glad Backblaze added this feature. Even though I’ve given feedback to support a while back, I wanted to post it here also. Please add an option to generate a backup code. If for whatever reason I don’t have access to my phone to receive the SMS, am I out of luck? Does Backblaze have an alternate recovery option if a phone number gets compromised with 2FV enabled?

  • Patrik Einarsson

    Hi, Its been 2 years since this discussion started, any news on adding support for app based 2FA such as Authy or similar?

    • Hey there! I’m sorry to say that we still don’t have an ETA – it’s on the roadmap but other things are taking higher priority at the moment.

    • SMS shouldn’t be used for 2FA, clearly better security is not they priority and that worries me.

  • Love the 2FA option. I’ve had trouble getting text messages on my phone when abroad. (Specifically for Amazon’s 2FA).

    Please add support for Google Authenticator. At the moment I’ll have to turn it off when going abroad. which is no good.

  • Sam

    “Come and try it!” except we won’t let you! Thanks for nothing!!! People without a phone # that can be texted to DO exist. If I want your two-step security, I’ll take it. But WHY force it down my throat and not even allow me to try the service?!

  • Jon Massey

    Great stuff, apart from the fact our office is in a mobile signal blackspot… If I get the code delivered on the way home will I be able to enter it the next day when I’m back in the office?

    • Yea, it has a timeout, but you can always request another code!

  • Christopher Luce

    Not supplying my cell phone number so you can spam me. Lemme know when you are ready to actually compete with S3 rather than play dress-up.

    • Will do! Keep an eye on the blog ;-)

  • John McClane

    A good progress guys, thx.

  • Marco Brambilla

    2-factor is always great, glad to hear it. BUT: I have 2 computers on the same account, now this means only one of us will receive the code.

    I saw YevP’s answer, but this makes it actually counterproductive and not usable, we can’t risk someone to be in an emergency to retrieve data and being locked out of the acccount because the one with the registered telephone is traveling and on a different continent. Much better to use something like Google Auth.

  • Ron

    Awesome, 2FV is a great idea, and pretty common sense in the case of protecting backups.
    I will throw in the standard reply of “hopefully it’ll support Authenticator one day”, considering text messaging isn’t always an option, whether it be for reception reasons, travel overseas, lost device, etc.
    Good job Backblaze!

  • Mike

    Only problem is no alternative is provided if one’s phone is not available, damaged, lost, and so on.

  • andra

    Hi Backblaze Team! Great step forward in security. But aren’t there any backup codes like Google have it?

  • mAurelius

    Thank you for adding this important security feature, it is greatly appreciated! Another useful addition down the road would be additional phone numbers that are authorized to receive codes. Would be helpful for business users who have multiple computers on one account.

  • thank you guys this is amazing! I use it on every account that allows it and it totally makes sense with a backup service !!

  • Totally get that you had to start somewhere, but adding a software implementation of two factor authentication (2FV) would be really great! Like others in this message thread, I use 1Password to manage 2FV since I can’t always receive SMS messages (e.g., poor signal). I hope our many comments for a software implementation of 2FV bumps it up your backlog!

  • bendodson

    Just adding another vote for using an authentication app (I use 1Password for auth codes personally)

  • David Jerde

    What happens if my phone stops working, or it simply is not in a service area when I need to login to my Backblaze account?

    • If you write in to support, they’ll walk you through it!

  • Phil

    Fantastic

  • Greg Small

    Google Authenticator is my preferred solution. But, for those of us International folk who have a “home” cell phone and a “traveling” cell phone it would be nice to be able to pick the number to which the code was sent. I do understand this is a start – but I wanted to get my vote in early.

  • Outstanding; been waiting for this. Any chance you’ll support Google Authenticator or Authy?

    • We had to start somewhere! While we don’t have a time-frame, we do hope to add more functionality to the 2FV feature, but for now we wanted something that the vast majority of folks could utilize quickly!

      • bkkthailand

        +1 for adding google authenticator

      • Thiago Figueiró

        How about now? Is it available?

        I travel between AU, US and UK a lot and don’t have access to SMS across these countries.

      • VulturEMaN

        Please consider adding google authenticator support.

      • Jim Cövert

        +1 to Google Authenticator. NIST now recommends against using SMS for 2FA.

  • This is everything I need now! Thank you for the extra layer of security.

  • stevo81989

    Text messages though??? Would much prefer Google Authenticator

    • Have to start somewhere! This is a start and while we don’t have a time-frame, we do hope to add more functionality to the 2FV feature!

      • stevo81989

        Ah, thats great to hear! Having multiple options is certainly ideal.

    • +1 for Google Authenticator support

  • aerosolkid

    Any plans to add 2-factor apps like Authy or Google Authenticate?

    • Have to start somewhere! This is a start and while we don’t have a time-frame, we do hope to add more functionality to the 2FV feature!