Development Tools Lecture 25: Alibaba Cloud MFA Binding Chrome Browser Authenticator Plugin
This article is the 25th lecture of the development tool chapter . When logging in to Alibaba Cloud products, you need to use mfa to log in. It is troublesome to read the mfa code on your mobile phone every time. Chrome browser provides a quick login method that can improve the efficiency of verification codes.
Article Directory
1. Background
When logging in to Alibaba Cloud products, you need to use mfa to log in. It is very troublesome to use your mobile phone to read the mfa code every time . Google Authenticator is a dynamic password tool launched by Google to solve the problem of malicious attacks on your accounts on various platforms. It provides a quick login method that can improve the efficiency of verification codes.
like this
Use Google Authenticator for secondary authentication. After turning on Google Authenticator, log in to your account. In addition to entering the username and password, you also need to enter the dynamic password on the Google Authenticator. The dynamic password on Google Authenticator is also called one-time password. The password changes dynamically according to the time or the number of uses (by default, it changes every 30 seconds)
Use ideas
- 1. For the first request, if it is judged that the Google verification code is not bound, then a random base32 secret key will be generated and displayed on the page for the user to create an account, or a QR code will be generated for the user to use the Google Authenticator to scan the code to create an account on the mobile phone
- 2. Binding verification, input the verification code generated by the mobile app Google Authenticator to the platform that needs to be logged in for verification, and store the secret key in the database after success;
- 3. After binding, generate a QR code for each request to query the secret key of the database;
- 4. Unbind and clear the data in the database.
2. Alibaba Cloud MFA is bound to Chrome browser
1. First, you need to go to the Chrome store to download an authenticator Google Authenticator
2. After installation, fix it to the top of the browser for easy viewing
3. Enter account security information management
4. If the status displayed here is Enabled, click Disable, and then click Enable
5. After clicking Enable, you will enter this page
6. Use the Google Authenticator to scan the QR code, add an account, and you can verify the MFA through the chrome browser; then open the Alibaba Cloud app, and enter the MFA code of the corresponding account for 2 consecutive times (note that the account number of the Alibaba Cloud app must be consistent with the authenticator, otherwise a security code error will be reported here)
3. easyConnect is bound to Chrome browser
easyConnect is a LAN software that can help users use all systems and applications of the company's intranet outside the office
Binding the Chrome browser is similar to the above solution
1. First open the Google Authenticator on the mobile phone, click "Transfer Account" in the upper left corner,
2. After clicking, you will enter this page and get the QR code information
3. Use Google Authenticator to scan this QR code, add an account, and you can verify easyConnect through the chrome browser
