Increasing MMS Security via Two-Factor Authentication

MongoDB

Cloud
Facebook ShareLinkedin ShareReddit ShareTwitter Share

As of May 28th, the MongoDB Management Service (MMS) requires Two Factor Authentication (2FA) for all MMS users. Two-factor authentication requires you to know your password and have a physical item that proves your identity. In our implementation, that second factor is your phone. So when you log in, after you enter your password correctly, MMS will prompt you for a code that proves you have your phone.

There are multiple ways to receive a 2FA code in real time:

  • Google Authenticator for Android or Apple iOS on your smartphone. Google Authenticator produces time-based codes that do not require a connection to the internet. You seed the Google Authenticator app by scanning a QR code shown to you by MMS during setup. Once seeded, the Google Authenticator app will show you the current code whenever it is running.
  • Text message to a cellphone number. When you set up your MMS account, you can provide a cell phone number to receive your 2FA codes. Whenever you need to login, MMS will send you a code via SMS. SMS works well for most users, however, certain network providers and countries may impose delays on SMS messages. If you’re using text messaging, you’ll also have to have cell service whenever you want to log in to MMS. For example, you may want to log in on an airplane or when traveling internationally. In these cases, Google Authenticator is a good alternative since it does not require a network connection.
  • Voice call to a cell phone. This option is almost exactly like text messaging. When you try to log in, you will get an automated phone call that reads out the 2FA code required to login.

As a backup, you can also generate recovery codes when setting up 2FA within MMS. These are longer codes that can be used in place of a 2FA code when you don’t have access to a phone or your Google Authenticator app. Each recovery code can be used exactly once, and you should save these codes in a secure place. Additionally, you can re-generate your recovery codes in your Two Factor Authentication link under Settings->Profile in MMS. When you generate new recovery codes, you invalidate previously generated ones.

MMS 2FA requires a little extra work but we believe that it provides a significantly improved level of security to MMS users. If you run into any problems setting up your 2FA, please reach out to the MMS Support team.