For UK Cyber Essentials I need to set up MFA on my computer, but I have no idea where to start...
The regs state:
When not using multi-factor authentication, which option are you using to protect your
external service from brute force attacks?
A. Throttling the rate of attempts
B. Locking accounts after 10 unsuccessful attempts
C. None of the above, please describe
The external service that you provide must be set to slow down or stop attempts to log in if the wrong username and
password have been tried a number of times. This reduces the opportunity for cyber criminals to keep trying different
passwords (brute-forcing) in the hope of gaining access.
CE Requirement: You must protect your chosen authentication method (which can be biometric authentication,
password or PIN) against brute-force attacks. When it's possible to configure, you should apply one of the following:
• 'throttling' the rate of attempts, so that the length of time the user must wait between attempts increases
with each unsuccessful attempt - you shouldn't allow more than 10 guesses in 5 minutes
• locking devices after more than 10 unsuccessful attempts
Aegis Authenticator is a free, secure, and open-source 2FA app for Android that supports TOTP and HOTP, making it compatible with thousands of services. [3] However, setting up system-wide 2FA on Ubuntu using Aegis Authenticator is not straightforward, as Aegis is primarily designed for Android devices. For Ubuntu, you can use tools like Google Authenticator or other 2FA solutions that are compatible with Linux.
To enable 2FA on Ubuntu, you can follow these steps:
1. Install the necessary package for 2FA. For example, you can use the libpam-google-authenticator package. [8]
2. Configure the PAM (Pluggable Authentication Module) to use 2FA. This involves editing the configuration files and adding the necessary lines to enable 2FA. [8]
3. Generate a QR code for the 2FA setup and scan it with a 2FA app like Google Authenticator or Aegis. [8]
4. Verify the setup by entering the 6-digit 2FA code from the app into the terminal. [8]
While Aegis Authenticator is not directly compatible with Ubuntu, you can use it on your Android device to generate 2FA codes for your Ubuntu system. Additionally, there are other 2FA apps and tools that are more suited for Linux environments, such as Gnome Authenticator. [5]
If you are using a Gnome-based Linux distro, you might consider using Gnome Authenticator, which can import and export Aegis format. [12] This allows you to manage your 2FA tokens across both your Android device and your Linux system.
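
As an added example (not part of the original post, and not code from any of the projects named above), this script checks for the two settings discussed: an active pam_google_authenticator.so auth line, and a pam_faillock deny value of 10 or fewer. The file contents are constructed samples; that the real files are /etc/pam.d/sshd (or common-auth) and /etc/security/faillock.conf is an assumption about your setup.

```shell
#!/bin/sh
# Added example: audit PAM settings for the TOTP module and the
# "no more than 10 attempts" lockout. It does not check that pam_faillock
# itself is enabled in the PAM stack, only the configured threshold.

# Succeeds if an active (non-comment) auth line loads pam_google_authenticator.so.
has_totp() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+.*pam_google_authenticator\.so' "$1"
}

# Prints the explicit "deny" value from a faillock.conf-style file (empty if unset).
faillock_deny() {
    sed -n 's/^[[:space:]]*deny[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Succeeds if an explicit deny value is present and is between 1 and 10.
lockout_ok() {
    deny=$(faillock_deny "$1")
    [ -n "$deny" ] && [ "$deny" -ge 1 ] && [ "$deny" -le 10 ]
}

# audit <pam service file> <faillock.conf>: report both checks, return 0 only if both pass.
audit() {
    rc=0
    if has_totp "$1"; then echo "PASS: TOTP module active in $1"
    else echo "FAIL: no active pam_google_authenticator.so auth line in $1"; rc=1; fi
    if lockout_ok "$2"; then echo "PASS: lockout after $(faillock_deny "$2") failures"
    else echo "FAIL: deny not set explicitly or above 10 in $2"; rc=1; fi
    return $rc
}

# Constructed sample files so the script runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '@include common-auth' \
    'auth required pam_google_authenticator.so' > "$demo/sshd.good"
printf '%s\n' '@include common-auth' \
    '#auth required pam_google_authenticator.so' > "$demo/sshd.bad"
printf '%s\n' 'deny = 10' 'unlock_time = 600' > "$demo/faillock.good"
printf '%s\n' '# deny = 3' 'unlock_time = 600' > "$demo/faillock.bad"

audit "$demo/sshd.good" "$demo/faillock.good"
audit "$demo/sshd.bad" "$demo/faillock.bad" || echo "second sample fails as expected"
```

To check a real system, call `audit` with the paths of your own PAM service file and faillock.conf instead of the sample files.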