Get Stronger Account Protection with Web Authentication (WebAuthn) Support

Two-factor authentication (2FA) is one of the most important steps you can take to secure your accounts, which is why DNSimple has supported two-factor authentication for many years using TOTP (Time-based One Time Password). Now we're introducing even stronger multi-factor authentication with support for the Web Authentication API (WebAuthn).

You can now use built-in biometric support, like Apple Touch or Face ID, hardware security keys, like YubiKeys that support FIDO/WebAuthn, or other security devices that support the WebAuthn standard, to keep your domains as secure as possible.

Protect your domains with MFA

Multi-factor authentication (MFA) helps ensure the protection of your most important domains. A single authentication factor, especially one based only on a combination of password credentials, presents a security risk. By adding an additional factor, even if someone gets access to your password, they can't log in as you, because they won't have access to your second factor.

For businesses, MFA protects against weak passwords and password theft. It helps your organization stay compliant with security requirements. By combining two or more independent authentication factors, MFA strengthens your company's security position and helps you remain resilient in the face of modern security threats.

Hardware keys are the strongest form of authentication available at this time. They offer higher protection against phishing, differentiate legitimate websites, and, unlike 2FA, are connected to a physical device that must be present. They work similarly to other MFA methods — after a user presents their credentials, they're directed to enter an additional factor, like a fingerprint or a USB key that must be activated. WebAuthn is a standard for implementing public key encryption, and with DNSimple's WebAuthn support, you can now use a variety of hardware security devices as your second authentication factor.

How does MFA work?

MFA with WebAuthn is available to all customers, on every plan. To enable additional factors, go to User Settings and click Add in the 2-Step Verification card. You'll be prompted to name the key. Clicking Register Key will prompt you to verify your identity using an available option, like a USB security key, or your current device if it has built-in support for public key encryption. You can add as many of these factors as you want.

After you've verified the key, you can use it when you log in. We'll prompt for any WebAuthn factors after you perform your initial password-based authentication. You can also still use your ToTP-based generator if you previously set one up, or a one-time recovery code if none of your other factors are available.

Why use MFA?

Adopting MFA with passwordless devices is an important step towards ensuring all your domains are secure. Whether you use DNSimple for your personal domains or your business, Multi-Factor Authentication will increase the security on your account. Every DNSimple user with a passwordless device, like Apple's Touch or Face ID, or hardware keys, like those from YubiKey, can use WebAuthn with DNSimple.

If you don't have a DNSimple account, try us for free for 30 days. If you have any questions around MFA, WebAuthn, or anything else about DNSimple, get in touch – we're always here to help.

Share on Twitter and Facebook

Anthony Eden

I break things so Simone continues to have plenty to do. I occasionally have useful ideas, like building a domain and DNS provider that doesn't suck.