How to Keep Your Account Secure with Two Factor Authentication

We hope that you've heeded the multiple articles we've written on the subject of Two-Factor Authentication (2FA). It's one of the best security features you can use to protect your online life. 2FA can be added to your Facebook (or any other social media platform) as well as your bank account and basically anything that needs more than just a simple password to maximize security. Some 2FA types are better than others, and security experts generally consider an authenticator app the better choice.

It's true that the quickest way to use 2FA is via SMS. You will simply get a text message with an access code for your account every time you try to log into it. Simple, but effective. While this is generally the easiest method, it's also not the best one. It has a fair number of downsides. For example, if some malicious third party hacks your SIM card, you're in big trouble. If that happens, hackers can easily gain access to the text messages containing the code and thus your accounts.

"Unfortunately, it isn't that hard for thieves to impersonate you to your mobile phone carrier and hijack your mobile phone number—either with a phone call to customer support or walking into a phone store," according to Lorrie Cranor, a computer scientist at Carnegie Mellon University and an ex-FTC technologist who had her own SIM hijacked back in 2016.

Instagram is particularly vulnerable to this problem since it only supports text-based 2FA at the moment. Instagram has over a billion active users as of June 2018, so that's a lot of potential victims. So what is the solution? Authenticator apps, say experts. "Authenticator apps are not vulnerable to this problem," Cranor said. "They're a more secure way to do two-factor verification," she added. Instagram is working on incorporating authenticator apps as we speak.

Fortunately, most big-name websites already support authenticator apps. Google has its own sophisticated Authenticator app, and there's a huge variety of third-party authenticator apps if that one's not to your liking.

How to set up an Authenticator app?

First, let's go over the different authenticators out there. The most used ones are Google Authenticator and Authy. Microsoft also has its own Microsoft Authenticator. Password managers like Cyclonis Password Manager have authenticator functions as well, so you can kill two birds with one stone by getting CPM. Whichever option you go for, know that they all have the same core features.

Instead of sending you a text message, authenticator apps display a randomly created six-digit code. The code changes every 30 seconds or so, but it always stays synced with whatever website you're attempting to log into. One of the main boons of authenticator apps is that they're tied to a physical device, not just a text message, meaning that they can continue to work even without cell coverage or Internet access.

Virtually every popular service or website out there has this type of token-based 2FA integrated.

Choosing a specific authenticator app is up to you and depends on what you're looking for exactly. For example, Google Authenticator has only minimal features aside from its main one, but it's made by Google, which has a fantastic security rating and record. On the other hand, apps like Authy have more tools. Authy is capable of pulling security codes straight from your desktop or your tablet. It's not limited to just your smartphone. Authy can also back up your security codes to the cloud, which makes it a lot less of a hassle than Google Authenticator when you have to change devices.

We've covered Google Authenticator before, so let us give you a quick rundown of Authy. It's pretty much the same thing as Google Authenticator, but with a few extra hurdles.

First things first. Download the app and install it. After that, launch Authy; the app will prompt you for your phone number, and it will send you a registration code. You can select how you want to receive it (it can be by phone call, SMS, or a second device). The installation is simple enough; now you have to connect it to the accounts you want to protect.

This is the most annoying part of the process because you'll have to hook up the app to each and every account you have manually. Unfortunately, there's no way to do it automatically or all at once, so strap in. The good news is that it's fairly quick once you do it a couple of times.

Every website works similarly. The wording may be a bit different, but essentially you need to go to Settings and look for Privacy or Security options. From there you'll have to find Two-Step Verification or Two-Factor Authentication or some variant of that. Click on Use a mobile app, and you'll get a QR code. Your smartphone should be able to scan it and that's it. Press Add Account and you're done.

What features does Authy have over Google Authenticator?

While Google Authenticator has everything you need for basic protection, Authy has a few nifty features that can be quite useful. If you're not interested in them and all you want is the essential Two-Factor Authentication, skip this part.

For example, go to Settings and press on Accounts; from there you can toggle Authenticator Backups on and off. This option lets you generate encrypted backups in the cloud. These backups can be extremely convenient if you want to switch phones. They will save you the trouble of having to sync every single account to your new device all over again. On the other hand, if you prefer to store your codes on a single device, that's perfectly understandable too.

Another thing you can do with Authy that you can't do with Google Authenticator is add multiple devices to your Authy account. Just go to Settings, click on Devices, and enable the Allow Multi-device option.

November 13, 2018
