The Orange Suit, E01 something you have. AKA using the Two Factor Authentication module on a Drupal website
Trust, authentication. The key factors of the internet in this age where hacking, privacy and security are the biggest threat to freedom on the Internet. Trust starts with authentication. Authentication starts with identification. For some good background, the decade old keynote of Dick Hardt with regards to identity, it is still a classic.
The old adagium is that good authentication can be done by using three factors, something you know, something you have and something you are. For example, a pincode (know), a key (have) and a photo (are).
Two factor authentication combines two of these three for identification, often a password and a one-time-usable code delivered via the phone that you have. Two factor authentication is standard in the offline world, a driver's license (have) with a photo (are) or a bank card (have) with a PIN code (know). And it is about time that we use this Two Factor Authentication (TFA) as the basis for our web presence as well, to log in to your mail, your bank account and to your Drupal website.
This will prevent ugly security incidents or frontpage defacements. People reuse passwords, write them down never change the passwords, have listed passwords or share them and if you have a website where editers and administrators can publically can log in, you will have a security incident waiting to happen.
On drupal.org we use TFA for higher roles. The module being used as d.o is https://www.drupal.org/project/tfa and I do think it should be on every Drupal site.
I always wanted to start a screencast series on Drupal modules for site builders. So it was only logical that the TFA module was the first module I used for this vlog. You can see the screencast called "The Orange Suit" episode 1, "Something you have" and hear why you need this module, how to configure the module and what the module does.
Suggestions for the next episode are welcome as well via one of those channels.