
We recommend that you activate 2FA on your account to help protect you from being compromised in this manner.

Keep your account secure

A common attack vector against accounts occurs when other services are breached and users have re-used their passwords from that breached service on MEGA. You should also back up the master secret of the 2FA app (QR or alphanumeric code) in a secure offline store. If you lose your 2FA device, the Recovery Key is your only way to get back into your account. To ensure you do not lose access to your account, please ensure that you have backed up your MEGA Recovery Key, which you can do here, and keep it in a safe place, separate from your main operating device. Even the best-available second factors cannot protect you if your computer is infected.

Now is the time to back up your Recovery Key

Enabling two-factor authentication places a high importance on your second-factor device – if you lose it, you will lose access to your MEGA account.

The security benefits and limitations of two-factor authentication, using password managers as a baseline.

If you lose your phone, 2FA won’t help if the 2FA app is on your phone and you use MEGA on your phone. You must use a unique strong password, as it protects the root encryption key of all your data on MEGA. Use of 2FA is not an excuse to continue with a weak password, or a password that you have used at other sites.

We will also require you to enter a 6-digit 2FA code when making account changes such as changing your email address or disabling 2FA. This means that there is a low chance of an attacker guessing the correct 2FA code at any particular time, unlike email or SMS verification where the code has to be valid for a much longer time. This prevents access by anyone else who has managed to gain access to your password through breaches in other systems.

Each code is valid for 30 seconds.

Without this 2FA code, you will not be able to log in. Once you have installed an authenticator app and enabled 2FA authentication on your account, MEGA will prompt you for a 6-digit code after you log in using your email address & password.

To use two-factor authentication with MEGA, you will need to have an authenticator app installed, usually on your mobile device, which will generate the code you need to log in to MEGA’s system and access your account. MEGA has implemented the TOTP time-based shared secret method, rather than the weaker SMS- or email-based two-factor authentication systems, as described here. MEGA now supports the option of two-factor authentication across all of our major apps, allowing you to protect your account from fraudulent access and helping to ensure your data is kept safe.
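How a TOTP shared secret becomes a 6-digit code that is valid for 30 seconds, and how a server checks it, shown as an added example that is not MEGA's code. It assumes the RFC 6238 defaults (HMAC-SHA1) and uses the RFC's published test key as a constructed sample secret; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # from the page: each code is valid for 30 seconds
DIGITS = 6         # from the page: 6-digit code

# Constructed sample: the RFC 6238 test key in base32, the form an
# authenticator app shows as the alphanumeric code behind the QR image.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the code for the 30-second step that contains unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    # Assumption: HMAC-SHA1, the RFC 6238 default; the page names no hash.
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str, unix_time: int,
           drift_steps: int = 0) -> bool:
    """Server-side check; drift_steps tolerates clock skew in whole steps."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP_SECONDS)
        # Compare in constant time and keep looping, so response timing
        # does not reveal which step (if any) matched.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


def guess_probability(drift_steps: int = 0) -> float:
    """Upper bound on one random guess matching an accepted code."""
    return (2 * drift_steps + 1) / 10 ** DIGITS


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET_B32, 59)
    print(code, verify(SAMPLE_SECRET_B32, code, 59),
          verify(SAMPLE_SECRET_B32, code, 89))
```

Each extra step of tolerated clock drift adds two more accepted codes, so the window should stay as narrow as the clients' clocks allow.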
