When it comes to web security, we generally do a poor job protecting our accounts. According to a Google/Harris Poll, 52% of people reuse their passwords for multiple logins. Breaches are so common that an attack on one site can compromise your account on another site, a practice known as credential stuffing. Passwords on their own aren’t enough to protect you. They account for a large number of data breaches. Most are simple and easily guessed. There needs to be a more secure way to verify who you are. Some opt to use text messages (SMS) to verify your identity. However, hackers can easily compromise SMS with a process called SIM-swapping. So what other options are there? That’s where Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) come into the picture, adding an extra layer of authentication on top of your username and password.
You might hear 2FA & MFA tossed around. 2FA is essentially a subset of MFA, where MFA can refer to two or more factors. Essentially it comes down to several ways to verify your identity after your initial authentication. For instance, if you log in with your username & password and then verify with your phone, that’s 2FA. If you also need, for example, a biometric scan after that, that’s 3FA (Three-Factor Authentication). It can go on from there. However, saying 3FA, 4FA, 5FA, etc., can be cumbersome, so we just lump them together as MFA.
On October 6, Tesla finally released 2FA, securing your account. The process involves using an authenticator application. There are many different authenticator apps out there. I tried Google and Salesforce, but now I’m using Twilio’s app called Authy. It doesn’t matter which authenticator you use. Once you link your authenticator app, you’ll see an entry for your site. The app generates a unique 6 to 8 digit code that’s valid for 30 seconds. After you log into your Tesla Account with your username & password, you’ll then enter the unique temporary passcode, which you get from the authenticator app. If you enter it correctly, you’ll be able to access your Tesla account.
It may sound intimidating, but it’s quite simple. I’ll walk you through the process of enabling 2FA on your Tesla Account. First, you need to decide on your authenticator app. Like I mentioned before, I am using Authy. Once you have your authenticator app, you’ll want to go to http://tesla.com/teslaaccount to start the process. It’s probably best to use your computer or another device for this.
When you land on your account, you’ll want to click on “Account.”
Next, you’ll see “Multi-Factor Authentication” under Login Credentials. You’ll want to expand this box and click on the “Manage” link.
You’ll see instructions on how MFA will work; we’ll go ahead and click on “Next.”
From here, we’ll see the QR code. We’ll switch to the authenticator app at this point.
Most authenticator apps have a “+” sign or an ability to add an account. When you click on it, you’ll have the ability to scan the QR code. Clicking this will enable the camera on your phone. You’ll then point this to your screen to scan the QR code on your computer.
After you scan the QR code, you’ll be able to name the account and see the temporary passcode.
Once saved, go back to Tesla’s site with the QR code and click “Next.” Tesla will present you with ten backup codes. You’ll be given these codes only once, so save them somewhere secure. In case your phone is lost or stolen, you can use these codes in place of your authenticator codes. These are one-time use codes; once used, they can’t be used again.
If you use an app like Authy, you can enable encrypted backup so that you can use multiple devices to log in. If you don’t want to back it up, you can run through the setup again and add another device. From a security perspective, it’s probably wiser not to do the backup and instead set up MFA as a completely different device. This way, you can go to the MFA site on Tesla and manage your devices from there.
You have now secured your Tesla account! As far as API access goes, it still doesn’t require your passcode, so it won’t immediately break third-party apps…yet. If this is your first time running through MFA on an account you have, I would highly suggest you go through all your accounts and secure them with MFA. As you have seen, it’s easy to set up, and it usually just adds one additional layer of verification. It should help you sleep easily at night, knowing that your account is now secure!