Sunday 8 March 2015

New favourite app - Authenticator Plus

It's official, I have a new favourite app!

I think it's universally accepted that Two Factor Authentication (2FA) is a good idea.  In short, many sites allow you to add an extra layer of authentication.  Typically this works by having a code that needs to be entered whilst logging into a new device, which is tied physically to the user in some way...


It is also common to have two factor authentication using additional information, such as a PIN or security question.  However, this is still something that can be guessed more easily, so I personally don't count these as proper two factor authentication.  And there's also biometrics, but we've all seen Minority Report!

With each of the options in the list above, you have to register your device in some way.  Once registered, you log in by entering your username and password as before, but then you are taken to a second screen.  This second screen insists that you enter a code, which only you can generate/retrieve using your registered device, thus proving that it is you who are logging in.  You usually get the option to make this a trusted device, which means you won't be asked for the two factor code on this device for a while, usually 30 days.

Initially I set up my main accounts (especially Google!) to use SMS authentication.  This is easy to set up, as all they need is your mobile number.  However, there can sometimes be a delay in the site sending your message, or it being delivered, especially if you're in an area with poor reception.  So I had to investigate other options.

I have a YubiKey and it is pretty cool: you plug it into a USB port and, when required, you put the cursor in the code field and click the button on the device.  It is registered like a keyboard, so it can generate and spit out a code directly into the field.  It even presses Enter for you, submitting the form - very cool!  Unfortunately, not many sites support them, and you then have to make sure that you have the YubiKey on you all the time.

The best option I've found is to use an authenticator app.  This is on your phone, and who doesn't have their phone on them all the time anyway?  There are a few options, but here are a couple of examples...

Google Authenticator                    Authenticator Plus

Originally I loved Google Authenticator, but now I prefer Authenticator Plus, and here's why...
  1. It uses Material Design - this is a Google thing, so I'm sure they'll catch up soon.
  2. It shows the icons appropriate for the account, making them more easily distinguishable at a glance.
  3. It can back up and restore the linked accounts from the cloud (mine is saved to Dropbox, which is also one of my linked accounts).
  4. You can also see the codes on your smartwatch - no need to get your phone out of your pocket!

I find this so convenient, I love it.  I'm a big user of Dropbox, which means I'm often finding I want to grab a file on a public computer, and this means I often need to grab a new code.  The voice command is "Start Authenticator" and then you immediately have your first linked account on the screen, with the current code.  Swipe up and down to move between the linked accounts, simple as that.

If you don't have two factor authentication in your digital life, get it!  And if you don't have Authenticator Plus on your phone and watch to manage your linked accounts, get it!
