1.5 Digital Privacy: Authenticator
Hello all, this is the last part of the Digital Privacy series. I am going to end with my favorite part of the digital privacy topic: 2FA!
Two-factor authentication (2FA), also known as two-step verification, is a widely implemented method of adding an extra layer of security to your accounts and services after you have submitted a password.
The most common methods are via an SMS message, a biometric marker such as a fingerprint or iris scan, a PIN number, pattern, or physical fob. Using 2FA creates an additional step to access your accounts and data, and while not foolproof, can help protect your accounts -- and password vaults, too.
When you log in to an online account with two-factor authentication enabled, the site first asks for your username and password, and then, in a second step, it typically asks for a code. Even if someone gets ahold of your username and password, they still can’t log in to your account without the code. This code, which is time-sensitive, can come to you via SMS, or it can be generated by a two-factor authentication app, such as Authy, on your phone. When you open Authy you see a grid with large icons that makes it easy to find the account you’re looking for, copy the security token, and get on with your day.
Compared with other authentication apps, Authy is also available on more platforms, including iOS, Android, Windows, Mac, and Linux, and it features PIN and biometric protection for the app.
The following metrics made Authy stand out against the other authenticator providers:
Platform compatibility: A good two-factor authentication app should work on both Android and iOS. Availability on Windows and Mac can be useful, especially for account recovery, but isn’t a requirement.
Usability: An authenticator should make it easy to add new accounts, find existing accounts, and delete unneeded accounts.
Reliability: Pretty much anyone with an app developer license can make an authentication app, so when it came to security we looked for apps run by well-known companies like Google, Twilio, Cisco, Microsoft, and others. Going with a reliable company helps guarantee continued support for new mobile operating systems and tech support if something goes wrong.
Ease of account recovery: Account recovery is the biggest pain point with two-factor authentication, so we looked for apps that offered multiple ways to recover an account, whether through a support line, some type of device backup, or other means.
Optional backups: The security researchers we spoke with said they don’t recommend backing up or syncing a two-factor authentication account because then your tokens are on the company’s servers, which could be compromised. So we looked for authenticators that left this feature opt-in. For the apps that do offer backups, we looked for clear explanations of how the backups worked, where they’re stored, and how they’re encrypted.
App security: We looked for apps with support for PIN or biometric locks, so you can add another layer of security, such as Face ID or your phone's fingerprint scanner, to the app if you want.
How to set up and use Authy
Most people use Authy primarily on their phone, so let’s start there:
Download the app from Google Play or Apple’s App Store. Open the app; Authy asks for your mobile phone number and email address. Authy sends you a PIN over a text message. Enter that code in the app.
Adding a service to Authy is as easy as scanning a QR code (after tapping through a half-dozen buttons and links).
Now, let’s walk through what it’s like to set up two-factor authentication on a site. Every website is a little different, but Authy includes guides for the most popular sites, and the Two Factor Auth (2FA) list includes nearly every site that supports two-factor authentication.
As an example, here’s how it works on a Google account:
Log in to your Google account (it’s much easier if you do this from a computer).
Click the Security tab on the left side.
Select 2-Step Verification.
Reenter your password.
Find the “Authenticator app” option and click Set Up.
Select Android or iPhone and click Next. Google displays a QR code.
Open the Authy app on your phone.
On Android, tap the three-dot menu and then Add the account. On iPhone, tap the Add Account button, with the large + symbol.
Tap Scan QR Code and use the camera on your phone to scan the QR code from Google.
Tap Done on your phone. The account is now in Authy, but it’s not enabled yet.
Back on Google, click Next. Then, enter the six-digit code from Authy.
Click Verify.
You will see a “Backup codes” option. This is how you can get back into your Google account if you lose your phone and access to the Authy app. Save these codes. Print them out and store them somewhere you’ll be able to access them if you lose your phone.
Save the backup codes each account provides, as that is the most secure way back into your account in case you lose your phone.
Microsoft Authenticator is a notable alternative to consider.