Two-factor authentication Yandex. Two-factor authentication that is easy to use

Yandex launched an application that allows you not to remember complex passwords, and joined the race for security


Yandex has launched a two-factor authentication mechanism and a new Yandex.Key application that generates an access code to a Yandex account on a mobile device. This removes the need to remember a complicated password for security purposes. TJ was informed about this by representatives of the company.

Updated: two hours after the announcement from Yandex, the introduction of two-factor authentication was reported in the Mail.Ru Group.

"Yandex.Key" allows you not to remember complex passwords

In order to use Yandex.Key, you still have to come up with and remember a four-digit PIN code. Temporary passwords that will be used to log into your Yandex account will be sent to your mobile device and will be valid for 30 seconds.

However, you can log in without entering a one-time password. QR codes appeared in the authorization form on Yandex: they can be read using a smartphone camera through Yandex.Key. Users of Apple mobile devices do not need to remember their PIN code: for them, access to the application is possible through a fingerprint read using the Touch ID sensor.

The two authentication factors in this case are the PIN code (or fingerprint), which only the user has, and knowledge of the connection between the Yandex account and the mobile device with Yandex.Key - it is stored on the company's servers. Secret codes are generated simultaneously using both the PIN and the “secret” from Yandex servers. The company also explained that the authentication procedure is one-step: login requires only one action (entering a one-time code or scanning a QR code).

Need more security

This is not the first appearance of two-factor authentication in Yandex. Prior to that, it was used in Yandex.Money and in the company's internal services, Yandex told TJ.

Representatives of the company say that their two-factor authentication procedure is more reliable, because temporary passwords are generated from letters, and not from numbers, as is the case with competitors. In addition, the user does not need to first enter his login and password: he is authorized using only the login and a QR code or a temporary password.

Usually, with two-factor authentication, the user is asked to log into the account using their username and password, and then confirm their identity - say, using SMS. It's even easier for us. It is enough to enable two-factor authentication in the "Passport" and install the Yandex.Key application. QR codes appeared in the authorization form on the main page of Yandex, in Mail and Passport. To enter the account, the user needs to read the QR code through the application - and that's it.

Vladimir Ivanov, Deputy Head of the Yandex Operations Department

If the user simultaneously forgets his PIN and loses access to the SIM card linked to the account, he will still have the opportunity to restore his account. To do this, he will have to go through a standard procedure: fill out a questionnaire and talk with the support service, Yandex explained.

Users who have two-factor authentication enabled are usually more careful about such things - for example, they indicate their real first and last name, by which access can be restored using an identity document. And from the Yandex.Key application, you can open a special access recovery form - in case the smartphone was stolen in order to gain access, there is a secret level of protection.

press service of "Yandex"

The two-factor authentication procedure has been launched as a beta version. The company said that it is participating in the bug bounty program - you can get a cash prize for finding vulnerabilities: judging by the ad, it ranges from 5.5 to 170 thousand rubles.

Mass "murder" of passwords

Users don't want to remember complex passwords and generally don't use two-factor authentication, considering it too complicated. Statistics show that the most popular passwords of 2014 are still "123456", "password" and "qwerty".

Yandex decided to use QR codes and Touch ID after analyzing various studies that showed that from 0.02% to 1% of the audience of various services use the standard two-factor authentication procedure.

Yandex is not the first company to join the race to improve user security while doing away with the need to remember complex passwords. In October, Twitter introduced a platform similar to Yandex.Key called Digits, positioning it as a "password killer".

With the help of Digits, users will be able to log in to several services at once: at the start, Twitter announced a partnership with the FitStar fitness tracker, the Resy restaurant reservation service, and the OneFootball app for sports fans. The Digits platform is also integrated into the new Twitter Fabric Developer Suite.

Yandex told TJ that they were going to open the ability to log in to other applications using Yandex.Key - its appearance is planned in the next updates of the program

Like most services, Digits uses a mobile phone for registration and verification, sending a code via SMS or through a contact inside the messenger. This method is used, for example, in WhatsApp and Telegram messengers.

The Facebook mobile application has long had its own Code Generator service, which allows you to log in using temporary codes. With Google, you can enable two-factor authentication for your account and use the Google Authenticator app, which gives access by QR code or by entering a security code. After the scandal with the leak of personal photos of celebrities in Apple, too, the security of iCloud users.

Functionality similar to Google's appeared in VKontakte in June; however, the social network said that such security measures are unnecessary for most users. There is no two-step authentication in the Mail.Ru mail service.

Updated at 15:34: A few hours after the announcement from Yandex, the Mail.Ru portal launched two-factor authentication for Mail, Cloud, Calendar, Game Center and other projects, company representatives told TJ. To enter, the user needs to use his password and the code received via SMS to his mobile phone.

The company emphasized that closed beta testing of two-factor authentication began at the end of December with the support of the Habrahabr community.

Internet services can raise their level of security indefinitely; however, the "weak link" is often the safety of the user's password. If the second protection factor is enabled, then in order to enter the account, the attacker will have to take possession of not only the password, but also the victim’s mobile phone, which is much more difficult.

We have been asked to implement this feature mainly by advanced users, but I really hope that it will become popular with a wider audience.

Anna Artamonova, Vice President of Mail.Ru Group

You can enable two-factor authentication in . You will need the Yandex.Key app, which can be installed on an iOS or Android mobile device. A device that does not support app installation (such as Amazon Kindle Fire) cannot be used.

After you enable two-factor authentication:

    All Yandex applications, programs and services will require a one-time password. You will also need a one-time password when logging in using a social network and logging into your Mail for Domains box.

    You don't have to enter your login and password if you log in to Yandex using a QR code.

    Third party mobile apps, computer programs, and mail collectors will need to use individual app passwords.

Note. To transfer your account to another smartphone or tablet, open the page and click the Device replacement button.

The setup takes several steps. Two-factor authentication is enabled only after you click the Finish setup button on the last step.


Step 1: Verify your phone number

If a phone number is linked to your account, the browser will show this number and ask you to confirm or change it. If your current phone number is not linked to your account, you will need to link it, otherwise you will not be able to restore access to your account yourself.

To link or verify a number, request a code via SMS and enter it into the form. If the code is entered correctly, click the Confirm button to proceed to the next step.

Step 2: Create a PIN

Think up and enter a four-digit pin code for two-factor authentication.

Attention. As with many bank cards, only you know the pin code and you cannot change it. If you forget your PIN code, Yandex.Key will not be able to generate the correct one-time password, and you will only be able to restore access to your account with the help of the support service.

Click the Create button to confirm the entered PIN.


Step 3. Set up Yandex.Key

Yandex.Key is required to generate one-time passwords for your account. You can get a link to the app directly on your phone or install it from the App Store or Google Play.

Note. Yandex.Key can request access to the camera to recognize QR codes when adding accounts or when authorizing using a QR code.

In Yandex.Key, click the Add an account to the app button. Yandex.Key will turn on the camera to scan the QR code displayed in the browser.

If you cannot read the QR code, click the Show private key link in your browser and the "or add it manually" link in the application. In place of the QR code, the browser will display a sequence of characters that must be entered in the application.

After recognizing the account, the application will ask for the pin code that you created in the previous 2FA setup step.


Step 4. Check the one-time password

To make sure everything is set up correctly, you need to enter a one-time password in the last step - two-factor authentication will only turn on when you enter the correct password.

To do this, you need to correctly enter the pin code that you created in the second step in Yandex.Key. The application will show a one-time password. Enter it next to the Enable button and click this button.

Attention. Applications developed in Yandex require a one-time password - even correctly created application passwords will not work.


Login to a Yandex service or application

You can enter a one-time password in any Yandex authorization form or applications developed by Yandex.

Note.

The one-time password must be entered in time while it is displayed in the application. If there is too little time left before the update, just wait for the new password.

To get a one-time password, launch Yandex.Key and enter the pin code you set when setting up two-factor authentication. The application will start generating passwords every 30 seconds.

Yandex.Key does not check the PIN you entered and generates one-time passwords, even if you entered your PIN incorrectly. In this case, the created passwords also turn out to be incorrect and you will not be able to log in with them. To enter the correct pin code, just exit the application and start it again.
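
The behaviour described above (a wrong PIN still yields a code, just not a valid one) follows when the PIN is part of the key material rather than a lock on the app. The sketch below is an added illustration, not Yandex's code or its actual algorithm: the key derivation, the 8-letter length, the drift window and all sample values are assumptions; only the 30-second step, the letters-only codes and the PIN-plus-secret input come from the page.

```python
import hashlib
import hmac
import string
import struct

STEP_SECONDS = 30                   # from the page: a code is valid for 30 seconds
ALPHABET = string.ascii_lowercase   # from the page: codes are letters, not digits
CODE_LENGTH = 8                     # assumption: the page does not give a length


def derive_key(pin: str, device_secret: bytes) -> bytes:
    """Mix the PIN into the key. Nothing PIN-derived is stored in the app,
    so the app has no reference value to check an entered PIN against."""
    return hashlib.sha256(pin.encode("ascii") + device_secret).digest()


def code_for_key(key: bytes, unix_time: int) -> str:
    """HMAC the 30-second step counter and render the result as letters."""
    counter = int(unix_time) // STEP_SECONDS
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    value = int.from_bytes(mac, "big")
    letters = []
    for _ in range(CODE_LENGTH):
        value, index = divmod(value, len(ALPHABET))
        letters.append(ALPHABET[index])
    return "".join(letters)


def app_generate(entered_pin: str, device_secret: bytes, unix_time: int) -> str:
    """What the app does: always produce a code, whatever PIN was typed."""
    return code_for_key(derive_key(entered_pin, device_secret), unix_time)


def server_verify(submitted: str, enrolled_key: bytes, unix_time: int,
                  drift_steps: int = 1) -> bool:
    """Server side: accept the code for the current step or a neighbouring one
    (clock drift allowance), comparing in constant time."""
    for offset in range(-drift_steps, drift_steps + 1):
        expected = code_for_key(enrolled_key, unix_time + offset * STEP_SECONDS)
        if hmac.compare_digest(submitted, expected):
            return True
    return False


# Constructed sample values, for illustration only.
DEVICE_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
ENROLLED_PIN = "4821"
ENROLLED_KEY = derive_key(ENROLLED_PIN, DEVICE_SECRET)  # kept by the server at setup
NOW = 1_700_000_000

if __name__ == "__main__":
    good = app_generate("4821", DEVICE_SECRET, NOW)
    bad = app_generate("4822", DEVICE_SECRET, NOW)   # one digit off
    print("correct PIN:", good, "accepted:", server_verify(good, ENROLLED_KEY, NOW))
    print("wrong PIN:  ", bad, "accepted:", server_verify(bad, ENROLLED_KEY, NOW))
    print("stale code accepted 90 s later:",
          server_verify(good, ENROLLED_KEY, NOW + 90))
```

Because only the server can tell a right code from a wrong one, PIN guesses made on a stolen device have to pass through the login form, where they can be counted and throttled.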

Features of one-time passwords:

Login with QR code

Some services (for example, the Yandex home page, Passport and Mail) allow you to log in to Yandex by simply pointing the camera at the QR code. At the same time, your mobile device must be connected to the Internet so that Yandex.Key can contact the authorization server.

    Click on the QR code icon in the browser.

    If there is no such icon in the login form, then you can log in to this service only with a password. In this case, you can log in using the QR code in the Passport, and then go to the desired service.

    Enter the pin code in Yandex.Key and click Login using QR code.

    Point your device's camera at the QR code displayed in the browser.

Yandex.Key recognizes the QR code and sends your login and one-time password to Yandex.Passport. If they pass the test, you will automatically log in to your browser. If the transmitted password turns out to be incorrect (for example, because you entered your PIN incorrectly in Yandex.Key), the browser will display a standard message about an incorrect password.

Signing in with a Yandex account to a third-party application or website

Applications or sites that need access to your Yandex data sometimes require you to enter a password to sign in to your account. In such cases, one-time passwords will not work - a separate application password must be created for each such application.

Attention. Only one-time passwords work in Yandex applications and services. Even if you create an application password, for example, for Yandex.Disk, you won't be able to log in with it.

Transfer of Yandex.Key

You can transfer the generation of one-time passwords to another device, or set up Yandex.Key on several devices at the same time. To do this, open the Access control page and click the Device replacement button.

Several accounts in Yandex.Key

The same Yandex.Key can be used for multiple accounts with one-time passwords. To add another account to the app, when setting up one-time passwords in step 3, tap the icon in the app. In addition, you can add password generation to Yandex.Key for other services that support such two-factor authentication. Instructions for the most popular services are provided on the page about creating non-Yandex verification codes.

To unlink an account from Yandex.Key, tap and hold the corresponding portrait in the app until a cross appears to the right of it. When you click on the cross, the linking of your account to Yandex.Key will be removed.

Attention. If you delete an account that has one-time passwords enabled, you won't be able to get a one-time password to log in to Yandex. In this case, it will be necessary to restore access.

Fingerprint instead of PIN

A fingerprint instead of a pin code can be used on the following devices:

    smartphones running Android 6.0 with a fingerprint scanner;

    iPhone starting from model 5s;

    iPad starting with Air 2.

Note.

On iOS smartphones and tablets, the fingerprint can be bypassed by entering the device passcode. To protect against this, turn on the master password or change the password to a more complex one: open the Settings app and select Touch ID and password.

To enable fingerprint verification:

Master password

To further protect your one-time passwords, create a master password: → Master password .

With a master password, you can:

    make sure that instead of a fingerprint, you can only enter the Yandex.Key master password, and not the device lock code;

Backup copy of Yandex.Key data

You can create a backup copy of the Key data on the Yandex server so that you can restore it if you lose your phone or tablet with the application. The data of all accounts added to the Key at the time the copy was created are copied to the server. More than one backup copy cannot be created, each next copy of data for a specific phone number replaces the previous one.

To get data from a backup, you need to:

    have access to the phone number that you specified when creating it;

    remember the password you set to encrypt the backup.

Attention. The backup contains only the logins and secrets needed to generate one-time passwords. The pin code that you set when you enabled one-time passwords on Yandex must be remembered.

It is not yet possible to delete a backup copy from the Yandex server. It will be deleted automatically if you do not use it within a year after creation.

Create a backup

    Select an item Create a backup in the application settings.

    Enter the phone number to which the backup will be linked (for example, "71234567890" or "380123456789") and click Next.

    Yandex will send a confirmation code to the entered phone number. Once you receive the code, enter it in the app.

    Create a password to encrypt the backup of your data. This password cannot be recovered, so make sure you don't forget or lose it.

    Enter your password twice and click the Done button. Yandex.Key will encrypt the backup, send it to the Yandex server, and notify you about it.

Hello dear friends. Today I will tell you how to set up two-factor authentication for your Yandex account and set a password for Yandex.Disk. This will protect the main account and improve the security of individual Yandex applications.

Protecting personal data is the biggest problem on the Internet. Users often neglect security rules. They create simple and identical passwords for different Internet resources, store them in electronic boxes, passwords from which are also used on other resources. These are just a few of the common mistakes.

If an attacker gains access to one of the accounts, other user resources will also be at risk. And if we take into account the fact that viruses are able to remember passwords entered from the keyboard, then the situation will seem even sadder. That is why every Internet user must follow elementary security rules:

- Create complex passwords.

- Do not use the same passwords for different Internet resources.

- Change passwords regularly.

And also use additional methods of protection. One of these methods is two-factor authentication of a Yandex account.

How does two-factor authentication work?

As you know, access to a restricted area, such as email, the site's admin panel, social network accounts, requires a username and password. But, this is only one level of protection. In order to enhance protection, many services introduce additional authentication methods, such as sms confirmation, usb keys, mobile applications.

I already told you about. Where, in addition to the login and password, the mobile application generates a security code. So Yandex two-factor authentication works in much the same way.

That is, an additional level of protection is the Yandex.Key mobile application, which cancels the old Yandex account password and generates a new, one-time password every 30 seconds.

With this level of protection, access to the account is possible only with a one-time password or a QR code.

It's just enough to make certain settings and in the future you point your smartphone's camera at the QR code and get access to your Yandex account.

And if you can't use your smartphone's camera or you don't have access to the Internet, you can always use the one-time password that is generated in the mobile application even without the Internet.

The security of the Yandex.Key mobile application itself is ensured by the PIN code that you create when you connect your account to the application.

Well, if you have an Apple smartphone or tablet, you can use Touch ID instead of a pin code.

Thus, access to your data will be more securely closed.

Setting up two-factor authentication.

To get started, on the Yandex main page, log into your account in the traditional way. Then click on your account name (mailbox name) and select "Passport".

On the newly opened page, click on the graphic switch, opposite "Two Factor Authentication", and then on the button "Start setup".

The setup procedure itself consists of 4 steps that will need to be completed on a computer and mobile device.

Step 1: Verify your phone number.

If you previously linked a phone number to your Yandex account, you can immediately receive a confirmation code. If not, then enter the phone number and press the button "To get the code".

The code will be sent to the specified number. You need to enter it in a special field and click the button "Confirm".

Step 2. Pin code for the mobile application.

At this step, you need to come up with and enter a pin code for the mobile application twice. It is this code that will open access to the application on a smartphone or tablet.

Enter the code and click on the button "Create".

Step 3. Installing the Yandex.Key mobile application and adding an account.

So, from your smartphone or tablet, you go to Google Play (for Android) and the App Store (for apple gadgets). Next, download and install the Yandex.Key app.

Open the app and click on the button "Add Account to App".

Adding an account to the Yandex.Key mobile app

After that, you will need to point the camera of the mobile device at the monitor screen, where at that moment you will have a QR code displayed. Point to this code.

So, go back to the computer, and click on the button "Next step".

Step 4. Entering the password for the Yandex.Key mobile application.

After waiting for a new key update in the mobile application, enter it on the computer and press the button "Turn on".

After that, you will need to enter the old password for your Yandex account and click the button "Confirm".

Completing the two-factor authentication connection

Everything is ready. You've secured your account with two-factor authentication. Now you need to re-login to your account on all devices using a one-time password or a QR code.

How to log in to your account using Yandex.Key.

Everything is extremely simple. On the main page of Yandex, in the login and registration panel, click on the ellipsis icon (...), and select Yandex.Key in the menu.

Or, you can use the traditional login method, using a login (mailbox address) and a password (one-time password for the Yandex.Key mobile application).

How to set a password for Yandex.Disk.

By enabling two-factor authentication, you can create separate passwords for third-party applications that connect to your account. This mechanism turns on automatically after connection.

This way you will use a password that is only suitable for the drive.

By using different passwords for applications, you strengthen the frontier of protecting your data.

To create a password, you need to go to the access control page, select an application, enter a name and click the button "Create a password".

The password will be generated automatically and displayed only once. Therefore, copy this password to a safe place. Otherwise, this password will need to be deleted and a new one created.

Now, when you connect Yandex.Disk via the WebDAV protocol, you will use this password.

Note: App passwords should be used even if you disable two-factor authentication. This will protect you from revealing the main password to your Yandex account.

How to disable two-factor authentication.

In order to disable two-factor authentication, you need to go to the access control page and click the switch (On / Off).

Then enter a one-time password from the Yandex.Key mobile application and press the button "Confirm".

Creating a new password for Yandex account

Now you will use your username and password to log into your account, as you did before.

Important: when authentication is disabled, passwords created for applications are reset. They must be recreated.

And now I propose to watch the video tutorial, where I clearly show the whole procedure.

That's all for today, friends. If you have any questions, I will be happy to answer them in the comments.

I wish you success, see you in new video tutorials and articles.

Sincerely, Maxim Zaitsev.

Many users whose activities are related to making money on the Internet or storing important information online try to protect their accounts from hacking and theft of confidential data.

Of course, a complex password that includes numbers and letters, as well as special characters, is quite reliable protection, but two-factor authentication provides the maximum effect.

However, not everyone knows about this option to protect their accounts, and this is despite the fact that today more and more services (mailers, social networks, etc.) offer to take advantage of this opportunity.

What is two-factor authentication?

So, what kind of protection are we talking about? In fact, you've come across two-step verification before. For example, when you are going to perform any transaction with money on the WebMoney website, then, in addition to your login and password, you will need to specify a confirmation code that will be sent to your mobile phone.

In other words, two-factor authentication is the second key to your account. If you activate this option, for example, in Evernote (there is such a possibility), then an attacker who managed to guess the password for this note service will face another problem - the requirement to specify a one-time code that comes to your phone number. It is worth noting that in the event of an attempt to hack your account, you will receive an SMS, and you can instantly change your password.

Agree that this is a very convenient option, using which you will be less worried about the loss of personal information.

Where is the best place to use?

Of course, some users may object, arguing that two-step verification involves too many "excessive movements", and that in general it is intended for paranoid people who always think that someone is watching them.

Perhaps they are right about something. For example, for social networks it is not necessary to use this method of protection. Although even here it is debatable. As a rule, attackers try to hack the accounts of administrators of popular "publics". And you, most likely, also would not like to notice one day that your account in one of the "social networks" was hacked and completely indecent photos were posted on the "Wall".

As for other services, Yandex two-factor authentication, for example, will allow you to safely store your registration data (from WebMoney and others) or letters containing secret information.

Google account protection

One of the most popular services today is Google. It is here that you can register an e-mail box for yourself, store documents on Google Drive, create a blog or YouTube channel for free, which can later bring you profit.

In order for users to be sure of the safety of documents stored on mail or disk, they are offered two-factor authentication by Google. You must be logged into your account to activate it.

Now, having opened, for example, a mailbox, pay attention to the profile picture in the upper right corner. Click on it and go to "My Account". Here you need the "Security and Sign In" section, namely the "Google Account Sign In" link.

On the right you will see the option "Two-step verification", where you need to click the arrow to activate it. A window will open in which you are interested in the "Proceed to setup" button. Enter your password and follow further instructions.

Two-factor authentication "Yandex"

Yandex also offers its users a lot of useful services. In addition to cloud storage of information on Yandex.Disk, you can get yourself an electronic wallet, where you will withdraw money earned on the Internet.

And, of course, Yandex did not stand aside and also offers its users to use two-factor authentication to protect documents stored in the mailbox.

To enable it, you will need to follow a few simple steps. Log in to your account and left-click on the profile photo (upper right corner). Select "Passport" from the drop-down menu. A window will open in which you need to click on the "Access Control" link. Set the "slider" to the "ON" position. You will be redirected to a page where you need to click on the "Start setup" button. Now go through the 4 stages of activating two-factor protection.

Social network "VKontakte"

As mentioned above, attackers usually try to gain access to the accounts of the “admins” of popular groups. But this is not always the case, because simply the personal correspondence of some well-known person on the Internet may be of interest.

It is worth noting that for some users this method of protecting an account eventually becomes annoying, as it requires constant input of a secret code, in addition to the login and password. In such cases, you need to know how to disable two-factor authentication. However, first we will deal with the activation of this option.

In fact, turning on two-step verification is very simple. Select "My Settings" and then go to the "Security" tab. In the Login Confirmation section, click the Connect button. Now consistently follow all the requirements.

Disabling two-factor authentication

In order to deactivate two-step protection in Yandex, you will need to go back to your Passport by clicking on your profile picture. After that, open the "Access Control" section and set the slider to the "Off" position.

Conclusion

Now you know what two-factor authentication is and why you need it. By using this or that service, you can activate this additional protection or refuse such an opportunity.

Of course, in some cases it is highly recommended to enable 2-Step Verification. For example, when registering for WebMoney, you indicated the mail from Yandex. Working on the Internet, you can become a victim of hackers who break into your mailbox and gain access to your e-wallet. To prevent this from happening, it is better to install and link e-mail to the phone. Thus, you can quickly respond if someone tries to hack you.