Setting Up Two-Factor Authentication
Enabling two factor authentication will allow users to add a second layer of security for logging into their VPS.
Traditionally when logging into your VPS you will need to know the username and password. However by setting up two factor authentication you will need to enter the username, password, and then verify the login from a smartphone application or text code. This ensures that only authorized access is allowed.
In this guide we will use a third party service from Duo (they offer free service for users will 10 or less accounts).
Step 1 - Create a Duo account here: https://signup.duo.com/
Step 2 - After creating an account, navigate to the admin area - https://admin.duosecurity.com/login
Step 3 - In the left side menu, click "applications"
Step 4 - Inside of the new window click "protect an application" and search "RDP". In the search results you should see a result that says "Microsoft RDP". Click "protect this application" next to this result.
Step 5 - On the next page Duo will give you your API hostname, integration key, and secret key. You will need to keep this information available for when you install the application on your VPS.
Step 6 - Open Google Chrome on your VPS, and download the Duo application. Here is a direct download link that you can copy and paste right into the Chrome window on your VPS - https://dl.duosecurity.com/duo-win-login-latest.exe
Step 7 - Run the Duo installation file. During the installation process you will be asked for your API hostname, integration key, and secret key from step 5. Enter this information as displayed on the Duo website. You can change the remaining settings as you wish, however we recommend leaving them as default.
Step 8 - Finally we need to enroll the user account for two factor authentication inside of the Duo admin panel. To do this click the "User" side menu option, and then click "add user".
Step 9 - Enter the username of your VPS (for example if the username that you use to enter the VPS is Administrator, enter Administrator into the box) and click add user. Complete the additional steps Duo requires in order to enroll the user with two factor authentication rights.
After you have completed these steps you can test to make sure that two factor authentication works by simply logging into your VPS. Upon login you should now see a screen requiring you to verify your login by Duo Push or Passcode. If you have downloaded the Duo mobile application you can select the push option, which will send you an alert through the app from which you can allow the login. Alternatively you can opt to get an SMS message with a code that you need to enter in order to verify the login.
*Please note* - In the event that you are not able to access the VPS because you can not verify the two factor authentication push notificaton or SMS code we are unable to help you. It is not possible for us to access the VPS if you have two factor authentication enabled.