This topic describes how to enable a multi-factor authentication (MFA) for your Alibaba Cloud account with Token2 programmable hardware tokens. After an MFA device is enabled, it provides additional security protection for your Alibaba Cloud account.
- An AlibabaCloud account
- A Token2 programmable token (only the second generation tokens are compatible with Epic accounts)
- An Android device with NFC* - this is needed for the enrollment only, subsequent logins will only require the hardware token
- TOKEN2 NFC Burner app* - make sure you have the latest version (at least 2.1). Previous versions of the app do not support longer seeds generated by Alibaba account 2FA system
[* Windows version is also available, but this guide will use Android as an example]
To enable two-factor authentication on AlibabaCloud:
- Have your Android device with NFC and TOKEN2 NFC Burner 2 app installed and your hardware token ready
- On your desktop browser, log on to the Alibaba Cloud console.
- Move the pointer over the account icon and click Security Settings.
- In the Account Protection section, click Edit.
- On the displayed page, select a scenario (we suggest selecting both Log In and Modify) and select TOTP.
- On the next screen click Next to start the procedure (Note: if this is the first time you modify your MFA settings, the system will ask you to verify your email again)
- On the next page, you will see the QR code that you will have to use to burn your Token2 hardware token
- Launch the TOKEN2 NFC Burner app on your Android device and hit QR button
- Point the camera to the QR code shown on the AliBaba Cloud account page. Upon a successful QR scan, the camera window should disappear.
- Turn on the TOKEN2 token and touch it with your phone (make sure it is overlapped by the NFC antenna) and click "Connect" on the app
- Upon successful connection, click the "Burn seed" button. If NFC link is established and the code is correctly scanned, you should see a status window showing "Burning..." and eventually (in a second or two), "burn seed successful.." message in the log window
- After completing the burning process, turn the token display off and turn it on again
- Enter the 6 digits code displayed by the token to the "6 digits" field on the AlibabaCloud account page and click Next
- Upon successful code verification, the following window should appear, which completes the enrollment process