By popular request from our community, we’re happy to announce two new security features now available on all App.net accounts: two-factor authentication and application-specific passwords.
Two-factor authentication on App.net
Two-factor authentication is designed to keep your account safe in the event your password is compromised. Our two-factor authentication implementation augments your password — i.e. something you know — by requiring you to enter an ever-changing numerical code displayed on your phone or tablet — i.e. something you have.
Enabling two-factor authentication is a simple process that involves a few steps. You’ll need to install a one-time password app (like Google Authenticator, available for iOS, Android, and Blackberry) on your phone and scan a QR code from your computer. Your one-time password app will generate a six-digit code, which you will enter into your App.net settings when prompted.
After completing these steps, every time you log in to your App.net account, you will enter your authenticated code from your phone or tablet.
During the process, you will be given a set of back-up codes in case you lose your phone or tablet. It is important to print those codes out and keep them in a safe place.
You can enable two-factor authentication on the Security section of your account settings.
Application-Specific Passwords on App.net
The second feature — application-specific passwords — is just as important and helps keep your account’s main password safe. When a native app requests that you log in, instead of using your account’s main password, you can generate a special one-time use password. This can be used by itself or in conjunction with two-factor authentication.
This password cannot be used to authenticate other applications, nor can it be used to gain additional permissions beyond the permissions initially granted.
You can enable application-specific passwords on the Security section of your account settings.
Both of these features help to protect your App.net account, content, and access to third-party apps built on the App.net API.