As our user base continues to grow, we want to encourage a security-first mindset for our customers. We’ve added security questions and the ability to register a verified phone number for two-factor authentication (2FA).
Adding answers to three security questions is the most secure method to regain access to your user account if your 2FA device is no longer available to you, or you otherwise no longer have access to the recovery codes. If you lose access to your 2FA device and do not have security questions enabled, you may be unable to regain access.
Adding security questions takes approximately two minutes. Answers to your security questions must be 17 characters or fewer, including spaces. These questions are intentionally designed to be personalized to each account holder, so answers cannot be researched or discovered by bad actors.
Adding a verified phone number provides Akamai cloud computing services with a secure authentication method. We strongly recommend keeping your phone number on file, but you can opt out of phone verification notifications, in which case your phone number will be deleted. Standard carrier message fees may apply to receiving verification codes via SMS.
How to Get Started
- Log in to Cloud Manager;
- Navigate to My Settings via the profile dropdown;
- Select Login & Authentication;
- Add security questions; and
- Follow the prompts to add and verify your phone number via SMS.
Follow along with Developer Advocate Gardiner Bryant to set up 2FA on your account.
Learn more about account security options. If you find yourself locked out of your account, we’re always here to help. Refer to our Recovery Procedures if you encounter any login issues or open a Support ticket to contact our team.
The security questions sound like a terrible idea.
“These questions are intentionally designed to be personalized to each account holder, so answers cannot be researched or discovered by bad actors.”
There are questions with topics like “oldest sibling” or “make and model of first car”, stuff people tell about in their social media posts or profiles. For a targeted attack it can be trivial to find the answers to all of these questions if the account holder answered them truthfully.
And if an attacker can bypass 2FA with these questions, your account ends up being more insecure than before.