In this article you can read how to use two-factor authentication in Bacularis to make your Bacula backup access more secure.
One way strengthen the authentication process is adding a second login factor. In this setting, the first factor in many cases is username/password verification and the second factor can be a one-time code number, hardware device or other auth methods independent of the first factor.
Bacularis has supported two-factor authentication for a long time. For the second step of authentication you can use an authenticator app that displays time-based one-time passwords (TOTP). Now, since version 5.0.0 we have also added the ability to use U2F hardware security keys (FIDO U2F) as a second factor. This is very secure method that uses asymetric cryptograpy and requires a FIDO U2F key (authenticator).
Both two-factor authentication methods (TOTP 2FA and FIDO U2F) can be configured on the user account page on the top left side of the web interface after clicking the user with gearwheel icon. This feature is on the Security tab.
To set up TOTP 2FA method you must have a TOTP-compatible mobile or desktop app. There are many such apps such as Google Authenticator, Authy and many others. Once you open the TOTP configuration in Bacularis, you need to scan the QR code to configure the authenticator app. Then you need to enter the current 6-digit code in text field, apply the changes and that's it. Finally, you need to switch the Bacularis two-factor authentication method to TOTP 2FA. This can be done on the same page in the appropriate drop-down list.
If you have FIDO U2F keys and want to configure them with Bacularis, click the FIDO U2F configuration button on the user account page, then plug the key in. After you can click the add new security key button. You may be asked to enter your key's PIN for confirmation, but may depend on your key's settings. At the end, you can set the key name (for example: "My primary USB and NFC key").
It's a good practice to add two keys, because if you lose the first key you will be able to use the second key to access to the Bacularis web interface. Once you have set up your keys in Bacularis, don't forget to switch the two-factor authentication method to FIDO U2F.
Below you can watch a video tutorial showing how to use FIDO U2F keys with the Bacularis interface.