Security is something we take very seriously at Backblaze. All Backblaze backups occur over HTTPS, are encrypted, and we even have private encryption key functionality available for those who wish to add another layer of protection. In 2015, we added two-factor verification (“2FV”) via SMS to our service, which allowed customers to use a mobile device to verify that they were indeed the ones accessing their Backblaze accounts. Today we are announcing our latest step in helping customers protect their Backblaze accounts – two factor verification via authenticator applications like Google Authenticator and Authy. To enable that, we now support the “ToTP” protocol.
What is ToTP?
ToTP stands for Time-based One Time Password, and it allows customers to use service like Google Authenticator, Authy, or others to access their accounts in a more secure way. This is the underlying authentication algorithm for the vast majority of authentication apps on the market today. A user that has ToTP enabled can use their authentication app of choice for an added layer of security. Users will first log in with their account’s username and password, the incremental layer of security happens next – the authenticator app will generate a time sensitive password that is valid for only one use.
For a lot of people receiving SMS messages is cumbersome, and doesn’t always work. Now Backblaze users can choose 2FV via SMS or authentication app.
Enabling Two-Factor Verification:
When you log in to your Backblaze account, on the left-hand side go to “My Settings”, and navigate towards the middle of the page where you will see your “Sign-In Settings”, click on that to make the change.
Once done, you will be able to select the frequency at which Backblaze will ask for an advanced authentication method, and you will be able to select your desired method, Two-Factor Verification via SMS or App.
That’s it! We hope you like it!