Originally published at: https://blog.particle.io/2018/09/19/announcing-new-device-cloud-features-two-step-authentication-revamped-real-time-event-logs/

At Particle, we believe in empowering you to have all the tools you need to manage your fleet of IoT devices. That’s why we’re proud to announce the launch of two new features in Particle Device Cloud: Two-Step Authentication and a revamped Real-Time Event Logs.

Particle now supports Two-Step Authentication, an industry standard security feature to help keep your account, and subsequently your fleet of devices, protected. The revamped Real-Time Event Logs are designed to improve the experience of examining live data from devices in the field — helping you find the information you need easily.

The best part? Both of these features are available today, included as a part of Device Cloud’s standard suite of features. You can read in-depth about these new and useful features below:

Two-Step Authentication

922×785

When deploying a fleet of connected devices, it is important for your remote devices, IoT applications, and fleet configuration settings to be secure and accessible only by you and approved parties. Two-Step Authentication protects your account by adding a second step to verify your identity when logging in. Even if a bad actor somehow gets ahold of your password, they still will not be able to access your account.

How it works

Logging in with something only you know, along with something only you have reduces the probability of a third party impersonating your identity and accessing your Particle account, remote devices, and other sensitive information. Once you’re signed in, you won’t be asked to enter a verification code again until you sign out completely or close out your browser.

You can activate Two-Step Authentication by enrolling here. You can also read the guide on Two-Factor Authentication in the Particle Docs.

Revamped Real-Time Event Logs

As of today, Particle’s Real-Time Event Logs supports a new user-interface and tools to improve the experience of finding data that is relevant to you:

1. Event filtering - The Event Logs now features robust searching and filtering capabilities to narrow down events by a variety of characteristics like event name, data payload, device, and published at date.
2. Turbocharged performance - Performance of the Event Logs view has been drastically improved to seamlessly handle busy event streams from tens of thousands of simultaneously connected devices without breaking a sweat.
3. Advanced event inspection - When you’ve found the event you’re looking for, use the new event inspector to explore with ease. With built-in pretty-printing for JSON data payloads and the ability to copy-to-clipboard, you’ll get the information you need right when you need it.

What’s Next?

Over time, we plan to layer on more enterprise-grade functionality that will offer this security and flexibility. To learn more about how Particle protects your devices, check out our latest security white paper here.

We’re excited to offer this additional layer of security and control to your IoT devices. Please drop us a line if you have any questions or run into issues. Thinking about deploying at scale? Talk to an IoT expert at Particle to see how we can help you.

@jeiden,
How does the two step login affect other software/services that use my Particle credentials?
Is it possible to go back, in case I want to test it?
Thanks for addressing the security aspect.

Love the much-improved event logs!

@jeiden To be a little greedy, for event filtering can you filter on 2 events, e.g. “event: temp event: humidity” versus one at a time? That would be really handy.

Also, potential “bug” report for event filtering:
range:0-200 [Provides many values including text only, e.g. “PERFECT!” Perhaps it’s matching on “e” in “range”?]
range: 0-200 [with space added, shows no data values that exist between 0 and 200]
event: message [ shows values, e.g. 159, 160, 161]
event: message range: 0-200 [shows no values]

No promisses made, but have a look at this

and the Particle response

If RegEx is considered possible for name filtering I'd guess it'd be thinkable the entire event content too.

How to log in to the Particle IDE after enabling this?

I’m using 1.19.0, which fails…

Hi,

I have a major issue with using my mobile as part of ANY security system. I do not have a ‘smart’ phone, for one. My phone is my phone, its used for… well being phone. Its easy to steal, easy to loose and I am sure we have all left our on our desks from time to time, potentialy giving others access. Also TEXT is not secure. So it is a fundimentally stuipid device to use as a component of any security system.

I take this to the point that I don’t have online banking as all the banks here in the UK use text to send you ‘security’ passwords. In a world were there have been countless documented interception hacks on the mobile phone networks, using phones for security makes no sence.

If I don’t accept this two step system am I now locked out of the particle world?

Liam

Two-step authentication is optional. It will likely always remain optional, not only for customers who don’t have a smartphone, but also because it certain use cases for product creators, a shared account is necessary which is not practical with two-step authentication.

Not sure if anyone else is having issues logging in with 2FA.

I'm using 'Google Authenticator' on Android and constantly get the following error when trying to get past the two-step authentication screen.

Could not validate OTP

I have tried to enter the code at the start, the middle, and the end of the allotted time just in case the issue is latency somewhere. I cannot find a pattern that works. It just seems to be fail, fail, fail, until randomly success.

This has been happening for the past week or two.

Anybody else reported similar problems?

Regards
Sean

I’m having issues with logging in to Particle Dev (1.19.0) on one of my accounts for which I’ve enabled two-factor authentication. Are those two incompatible? If not, how to I enter an authentication code when using Particle Dev? Perhaps I should just disable two-factor authentication for now?

On a related matter, I’ve read that using build.particle.io or Particle Dev or CLI is really just a matter of personal preference. However, I’m wondering if there’s a “recommended” (by Particle) way of developing code. I kinda get the feeling that Particle Dev is not the “ideal” way.

Particle Dev is not currently compatible with two-step authentication. Support will likely be added in the future.

However, long-term Particle Workbench (VS Code) will be the preferred offline development environment. It has way better code editing features, support for offline compiles, and more.

Hi Sean – did you ever resolve this? If so, how?
I cannot sign into any Particle site right now because it keeps giving me the same error message “Could not validate OTP”.

Curious what you did to resolve this.

No resolution. I had so much trouble signing in last time (over an hour, plus being locked out for too many tries) that I have disabled 2FA for the moment.
I plan on setting up 2FA again soon, once I build up some ‘courage’, and will document the process with either screen shots or, preferably, video screen capture.

Probably not what you were hoping for. If you are having the same problem then it would be good to get a few of us could supply screen shots and/or video to assist with the bug hunt.

Cheers
Sean

Argh, ok. I’ve opened a ticket with Particle to figure out what’s the problem. How did you disable 2FA? When I try to disable it, it first asks me to re-authenticate with 2FA, which I can’t do because it’s broken…

I’m guessing you didn’t save any of the backup codes?

Yes I used a backup code (which was still problematic) to login and then disabled 2FA.
I found that if I waited for the Authenticator App to almost time out before I submitted the code, it sometimes worked.

Hopefully they can disable 2FA from the back-end. Although this would then be a security flaw that could be exploited in the easiest way. Hacking the wetware (people).

Another 2FA issue, I found that when I enabled 2FA in this forum (not the cloud one) and added it to the Google authenticator app it replaced the cloud 2FA (which then of course didn’t work). So a warning, if using 2FA on both Particle cloud and the community board, use separate apps.

To be totally honest, I don’t even remember setting up 2FA with my Particle account.
I have 2FA setup for a bunch of other services & websites, so I’m familiar with backup codes.

Just found out a workaround.
About a month ago, I upgraded to a new phone (Pixel3) from my old Samsung S7. On the previous phone, I had the Particle app (logged in, using IFTTT integrations, etc.) and the Google Authenticator app.

This morning I fished out the old phone and tried using its Authenticator app to get the 6 digit code. This time, the Particle website accepted it. I was able to re-authenticate and disable the 2FA.

So…the Authenticator app on old phone worked, but not my new phone…

What process did you use to move the authenticator tokens to the new phone? As far as I know you need root access for that unless you saved the barcode/key when you enabled 2FA.

I haven’t even gotten that far. The Particle help desk told me about Authy, which can be used to share tokens across devices, but I haven’t bothered to look that deeply into it yet.