Enhance Your Two Factor Security With Authenticator Apps
Two factor authentication (2FA) is a great way to strengthen the security of your online accounts, but relying on text messages to receive your 2FA codes can be the weak link in the chain.
Many online services offer 2FA as an extra layer in your security defences, ensuring people can’t break into your account even if they know your login and password. It works by demanding extra proof of your identity when you log into your account from a new device for the first time.
Two-factor authentication relies on both something you know and something you have to confirm your identity. The something you know is your login and password, while the something you have can be a range of things but tends to be a one-time code sent to your phone as a text message.
You need all the pieces of the puzzle to log in to your account, after which you can often tick a box to trust that specific device so you’re not forced to go through this process every time you connect from your own computer, smartphone or tablet.
There are other options for the something you have. Some services support USB dongles and key fobs, which display an ever-changing code. The advantage of using your smartphone is that you don’t need to invest in a separate two-factor device, plus you know you’ll always have your smartphone at hand.
Unfortunately, there are a few downsides to relying on text messages to receive your two-factor codes. You might be in a coverage black spot where you can’t receive a mobile phone signal, perhaps well off the beaten track or just in the bowels of a large building where mobile signals struggle to reach. Alternatively, you might be travelling overseas using a different mobile phone number, rather than relying on expensive international roaming.
There is also a risk of hackers intercepting your text messages. Flaws in the SMS protocols leave text messages theoretically vulnerable, but some hackers take a more practical approach, especially when targeting business bank accounts.
After gathering enough information about you, the hacker pretends to be you and calls a telco to port your mobile number to another service provider so they can receive your text messages. By the time you realise your mobile phone has stopped working, they’ve already foiled the 2FA on your online banking and cleaned out your account.
Many banks are dealing with this threat by releasing their own smartphone apps, which can generate a one-time two-factor code without the need to connect to the mobile network. This ensures you can always use 2FA when you need it, plus it foils attempts to intercept your two-factor codes in transit.
Online tech giants like Google, Microsoft and Facebook also offer app-based 2FA to take SMS out of the equation, plus there are third-party apps like Authy. Some of these apps also let you generate two-factor codes for a wide range of websites and services, helping keep you safe even if your preferred online services don’t offer their own apps.
Businesses should definitely use 2FA to help keep hackers at bay, and it’s worth investigating app-based authentication for the extra protection it offers.