Raspberry Pi ID
To use Raspberry Pi services, you will first have to create a Raspberry Pi ID account using our identity service. This account will be your gateway to the Raspberry Pi website and other services such as the Raspberry Pi Events pages.
Go to id.raspberrypi.com in your browser and click on "sign up".
This will take you to an account creation page. Enter your email along with a password. You will need to type the password a second time in the password confirmation box.
If your password matches, the service will send an email to the email address you entered. Go to your inbox and open the email, then click on the "Verify email" button in the email.
You will be signed into the identity service.
After creating a Raspberry Pi ID, you can log in to Raspberry Pi services using the "Sign in with Raspberry Pi" button to sign in with your Raspberry Pi ID.
Like most modern web services, the Raspberry Pi ID service supports two-factor authentication (2FA) using a time-based one-time password (TOTP).
Two-factor authentication is an extra layer of protection. As well as a password (“something you know”), you’ll need another piece of information to log in. This second factor will be based either on “something you have”, like a smart phone, or on “something you are”, like biometric information.
We’re going to go ahead and set up “something you have”, and use your smart phone as the second factor to protect your Raspberry Pi ID.
You will need to download an app to your phone that will generate the TOTP. One of the most commonly used is Google Authenticator. It’s available for both Android and iOS, and there is even an open source version of the app available on GitHub.
So go ahead and install Google Authenticator, or another 2FA app like Authy on your phone before going any further.
To enable 2FA, click on the “Two-factor authentication” option when signed in to the identity service.
Open the Google Authenticator app on your phone and tap the plus sign (+) at the top right, then tap on “Scan barcode”.
Your phone will ask you whether you want to allow the app access to your camera; you should say “Yes”. The camera view will open. Position the QR code squarely in the green box on the screen. As soon as your phone app recognises the code, the authenticator app will add your new account, and will start generating TOTP codes automatically.
|The Raspberry Pi ID service also support macOS and iOS iCloud Keychain integration, so you can right click (long press) the QR code until you get the "Set up verification code" option on your Mac or iPhone.
Now you should go ahead and enter the six-digit TOTP generated by your authenticator app on your phone into the Raspberry Pi ID service.
If you enter the TOTP correctly, you will see a confirmation screen with a recovery code.
|You should copy the recovery code down and store it in a safe place. This is the only way to bypass two-factor authentication in the future if you lose, or otherwise don’t have access to, your phone and the authenticator app running on it.
You’ll now need your phone, and a TOTP, every time you log in to Raspberry Pi services. But because of that, you’ve just given a huge boost to the security of your devices on the service.
|If you need to disable two-factor authentication at any point in the future, you can do that by logging back in to the identity service.