We recognize the central role that Docker Hub plays in modern application development and are working on many enhancements around security and content. In this blog post we will share how we are implementing two-factor authentication (2FA).
Two-factor authentication increases the security of your accounts by requiring two different forms of validation. This helps ensure that you are the rightful account owner. For Docker Hub, that means providing something you know (your username and a strong password) and something you have in your possession. Since Docker Hub is used by millions of developers and organizations for storing and sharing content – sometimes company intellectual property – we chose to use one of the more secure models for 2FA: software token (TOTP) authentication.
TOTP authentication is more secure than SMS-based 2FA, which has many attack vectors and vulnerabilities. TOTP requires a little more upfront setup, but once enabled, it is as simple as (if not simpler than) text message-based verification. It requires the use of an authenticator, of which there are many available. This can be an app downloaded to your mobile device (e.g. Google Authenticator or Microsoft Authenticator) or a hardware key (e.g. YubiKey). To learn about these solutions:
Two-factor authentication is enabled in your Docker Hub Account Settings, under the Security tab.
The basis of TOTP is that you will need to share a one-time secret between Docker Hub and your authenticator app – either through a unique QR code or 32-character string. After this initial synchronization, your authenticator will run an algorithm to change the passcode at a preset interval (typically under a minute) so it is now a time-sensitive piece of information only you have access to – the second component of 2FA. Subsequent logins into Docker Hub will ask for this passcode in addition to your password.
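The passcode algorithm described above, as an added example that is not Docker Hub's code. It assumes the RFC 6238 defaults used by common authenticator apps (HMAC-SHA1, 6 digits, 30-second step), which this post does not state; the secret is a constructed sample, and the `Verifier` class with its drift window and replay check is a hypothetical server-side check.

```python
import base64, hashlib, hmac, struct, time

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890"
# (a 32-character string, like the one shown next to the QR code).
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret_b32: str, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of `step`-second intervals since the epoch."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))  # restore stripped padding
    return hotp(key, int(at) // step, digits)

class Verifier:
    """Hypothetical server side: tolerate clock drift, refuse reuse of a time step."""
    def __init__(self, secret_b32: str, step: int = 30, window: int = 1):
        self.secret, self.step, self.window = secret_b32, step, window
        self.last_step = -1  # highest time step already accepted

    def verify(self, submitted: str, now: float) -> bool:
        current = int(now) // self.step
        for s in range(current - self.window, current + self.window + 1):
            if s <= self.last_step:
                continue  # a passcode from this step or earlier was already used
            expected = totp(self.secret, s * self.step, self.step)
            # Constant-time comparison of the expected and submitted passcodes.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_step = s
                return True
        return False

if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    v = Verifier(SAMPLE_SECRET)
    # The second attempt with the same passcode is rejected as a replay.
    print(code, v.verify(code, now), v.verify(code, now))
```

Anyone holding the secret can compute every future passcode, which is why the secret is shown only during setup.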
Because the initial synchronization is such an important part of the TOTP process, the secret shared during it is very sensitive; you do not want someone else gaining access to it. As a result, we do not share the code after your initial synchronization has been confirmed. If you lose your mobile device or access to your authenticator app, you will not be able to log in with 2FA.
This is why it is critical to save your recovery code. You will need the recovery code that is presented when you enable 2FA the first time. Save it somewhere safe so you can recover your account when needed!
One additional note: Many Docker users access their Hub account through the CLI. Once you’ve enabled 2FA, you will need to create a personal access token in order to log into your Hub account from the CLI. Traditional username and password combinations will not work once you have enabled 2FA. Personal access tokens can be created from the same Security tab under Account Settings.
For detailed instructions on enabling and using 2FA during the beta, please refer to the following:
We’d love for you to try the two-factor authentication beta in Docker Hub today and give us feedback at https://github.com/docker/hub-feedback/issues
In addition to moving 2FA to general availability in the near future, we are also preparing to add support for further authentication controls: