CentOS Two Factor Authentication with Google Authenticator
- 
 The PAM Module is no longer provided in EPEL for EL7  
- 
 Looks like a lot of places are having the same issue that they are posting the repo info but it does not exist. You can do this instead...
     # build dependencies
     yum install gcc gcc-c++ make python python-devel git pam-devel
     # fetch and build the PAM module
     cd /tmp
     git clone https://code.google.com/p/google-authenticator/
     cd google-authenticator/libpam
     make
     make install
     # clean up the source tree
     cd /tmp
     rm -Rf google-authenticator/
- 
 I used this guide: http://www.thefallenphoenix.net/2015/03/ssh-multi-factor-centos-7/ But like an idiot, I set up the root account, not my account... This will cause an issue if for some reason Google Authenticator doesn't work, right?
- 
 @Aaron-Studer said: I used this guide: http://www.thefallenphoenix.net/2015/03/ssh-multi-factor-centos-7/ But like an idiot, I set up the root account, not my account... This will cause an issue if for some reason Google Authenticator doesn't work, right?
 Yes, that would be a problem
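 The lockout risk raised above (2FA set up for root only), as an added example that is not part of the thread: a POSIX shell check that reports which login-capable accounts have a usable ~/.google_authenticator before the PAM module is enforced. The function names, the home-prefix argument and the UID cutoff are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit enrollment before enforcing 2FA.
# Prints "<STATUS> <user>" for every account that can log in interactively.
# Assumption: secrets are at the module default, $HOME/.google_authenticator.

ga_audit() {
    passwd_file=${1:-/etc/passwd}
    root_prefix=${2:-}     # hypothetical knob: prefix for home dirs (tests, chroots)
    min_uid=${3:-1000}     # assumption: regular users start at UID 1000 (EL7 default)

    while IFS=: read -r user _pw uid _gid _gecos home shell; do
        # Ignore malformed lines and accounts without a login shell.
        case "$uid" in ''|*[!0-9]*) continue ;; esac
        case "$shell" in */nologin|*/false|*/sync|*/shutdown|*/halt) continue ;; esac
        # Keep root and regular users; skip system accounts.
        [ "$uid" -eq 0 ] || [ "$uid" -ge "$min_uid" ] || continue

        secret="$root_prefix$home/.google_authenticator"
        if [ ! -f "$secret" ]; then
            echo "MISSING $user"      # no secret: locked out unless PAM uses nullok
        elif [ "$(ls -ld -- "$secret" | cut -c5-10)" != "------" ]; then
            echo "BADPERM $user"      # group/other bits set: the module rejects the file
        else
            echo "OK $user"
        fi
    done < "$passwd_file"
}

# Returns non-zero if any login-capable account is not ready for enforcement.
ga_audit_check() {
    report=$(ga_audit "$@")
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -Eq '^(MISSING|BADPERM) '; then
        return 1
    fi
    return 0
}

# Usage: ga_audit_check /etc/passwd || echo "not every account is enrolled"
```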
- 
 This seems like it might be a better option  
- 
 This looks much, much easier to install/use: 
- 
 How To Install Authy And Configure Two-Factor Authentication For SSH 
 https://www.digitalocean.com/community/tutorials/how-to-install-authy-and-configure-two-factor-authentication-for-ssh
- 
 I don't like SMS as an authentication method because I've found SMS to be very unreliable. Here in Europe it is tons more reliable than in the US, but you don't want a tower outage or being in a "dead spot" to stop authentication. I worry enough about the "on the phone" app losing power (my phone is dead right this second, for example) or getting lost or whatever causing a lack of access but using SMS on the phone adds secondary network connectivity as an additional breaking point. If I lose my phone, phone breaks, battery is dead, I lose cell coverage OR I lose network access I can't log in. That is more and more points of failure. 
- 
 Also, SMS is not secure at all. I've had SMS hijacked before. So less than ideal as a security method. It's a second factor so that is not the end of the world, but I have definitely spent a year working in a situation where that would not have been a second factor at all and using it would have been nothing but a placebo. 
- 
 @scottalanmiller said: I don't like SMS as an authentication method because I've found SMS to be very unreliable. Here in Europe it is tons more reliable than in the US, but you don't want a tower outage or being in a "dead spot" to stop authentication. I worry enough about the "on the phone" app losing power (my phone is dead right this second, for example) or getting lost or whatever causing a lack of access but using SMS on the phone adds secondary network connectivity as an additional breaking point. If I lose my phone, phone breaks, battery is dead, I lose cell coverage OR I lose network access I can't log in. That is more and more points of failure.
 I completely agree. This is why I use Authy. No SMS. Best part of all is it removes the requirement to use your phone.
- 
 Ah, Authy doesn't require SMS? Cool, will look into it more then. 
- 
 @scottalanmiller I think you're confusing Two Factor Authentication with SMS. You can do 2FA with SMS, but it's not as common anymore. Take a look at this link: http://security.stackexchange.com/questions/47901/how-does-authys-2fa-work-if-it-doesnt-connect-to-the-server
- 
 If Authy would integrate with Touch ID, that would be amazing! 
- 
 This is also a good read: http://stackshare.io/posts/how-authy-built-a-fault-tolerant-two-factor-authentication-service/ 
- 
 @scottalanmiller said: (my phone is dead right this second, for example)
 Authy lets you sync across devices, so unless your phone/iPad/computer/wife's phone are all dead, then it still works!
- 
 @Aaron-Studer said: @scottalanmiller I think you're confusing Two Factor Authentication with SMS.
 No, I definitely know what both are. I think you are quoting someone who was wrong in the article because someone said that to them there too trying to claim that a code over SMS isn't two factor authentication, but it most certainly is as they get pointed out in the article too. All the images I see of Authy show it uses SMS codes as its second factor. Hence why I thought that that was what they used. If they don't use insecure SMS, why do they advertise it so much?
- 
 Also, you can use Authy completely offline  
- 
 I see on their site that SMS is a fallback. They show way too many pictures of it, it makes it look like SMS was the process, not an emergency fallback for people living in the dark ages.
- 
 Look what I just found!  
