Generally, the advice to keep your accounts secure on the internet is to use unique, long, and strong passwords. This is good advice; however, two-factor authentication or 2FA is an extra layer of protection for your account, making it even less likely to be compromised.
A little on Two-Factor Authentication
Password authentication revolves around the concept of something you know, in this case, the password. The problem with this approach is that this knowledge can be gained by other people; often, this happens via data breaches or because people tend to choose weak passwords.
2FA uses both something you know and something you have, generally your password and a mobile phone. By requiring a password, you still have the protection of that knowledge, which prevents someone who steals or finds your phone from having access to all of your accounts. Using a phone or authenticator token, your identity is also verified by the fact that you have your device.
The approach of both something you know and something you have is significantly more secure than either concept on its own. This is because it makes things significantly harder for anyone attempting to gain illegitimate access to your account. For example, if someone guesses or discovers your password, they still need to access your device. Alternatively, if someone steals your phone, they still need your password to be able to sign in. Typically, someone in a position to do one can’t do the other as easily.
Typically, there are three methods of 2FA: SMS, an authenticator app, and an authenticator token. With SMS, a one-time, time-limited code is texted to your confirmed mobile number and must be entered to sign in. With authenticator apps, you either get a similar code you need to enter or approve a push notification, depending on the app. Authenticator tokens have a time-based number generator; you just need to submit the current number to gain access to your account.
How to Turn on Two-Factor Verification on Slack
Slack supports the use of both SMS and authenticator app authentication. To enable either, you need to go into your account settings. Click on your profile picture in the top-right corner, then click “View profile.”
In your profile, click the triple-dot icon labeled “More.” Then click on “Account settings” in the dropdown menu.
In the account settings, click on “Expand” in the “Two-factor authentication” field. Click “Set up two-factor authentication.”
Enter your password to confirm ownership of the account. Then select whether you want to use SMS or an authenticator app.
Tip: If you want to use an authenticator app, you will need to install it on your phone at or before this point. Slack suggests the following authenticator apps, although others may work too.
- iPhone: Google Authenticator, Duo Mobile, 1Password, Authy, Microsoft Authenticator
- Android: Google Authenticator, Duo Mobile, 1Password, Authy, Microsoft Authenticator
- Windows Phone: Duo Mobile
If you’re using an app, follow the process to add a new account to the app. Once you’re ready, scan the QR code on your screen with your phone camera to connect, enter the six-digit confirmation code, and click “Verify code.”
If you prefer to use SMS, choose your country from the list. Enter your phone number, including any applicable country or area codes. Enter the six-digit confirmation code you receive via text, then click “Verify code.”
Tip: If you are a member of multiple workspaces, you will have to configure 2FA independently for each workspace as they are treated as separate accounts.
Note: You should securely back up the “Backup codes” you receive as these can be used once each in case you lose access to your device. If you lose your device and backup codes, you will need to ask a workspace admin or owner to remove 2FA from your account.
2FA is a strong security tool designed to significantly increase account security levels. By following the steps in this guide, you can configure 2FA to apply to your Slack account.