How to use an authenticator app to improve your online security

Passwords alone are hopelessly weak and fragile security measures.

Don’t be fooled by the myth that creating a stronger password will somehow make you safe online. You can create a password that is so long and complex it takes you five minutes to type, and it will do nothing to protect you if the service where you use that password stores it improperly and then has their server breached. It happens regularly.  

And even with reasonable policies in place (complexity, changed regularly, not reused), people are still the weakest link in the security chain. Social engineering can convince even intelligent people to enter their credentials on a phishing site or give them up over the phone.

The solution is two-factor authentication, or 2FA. (Technically, it should be called multi-factor authentication, but 2FA is the most common form, so that’s the term I’ll use in this article.)

Turning on 2FA for a service changes the security requirements, forcing you to provide at least two proofs of identity when accessing a secure service for the first time on an unknown device. Those two forms of authentication can come from any combination of at least two of the following elements:

    “Something you know,” such as a password or PIN
    “Something you are,” such as a fingerprint or other biometric ID
    “Something you have,” such as a trusted smartphone that can generate or receive confirmation codes

For the most part, the two-factor authentication systems you see in place today use the first item, your password, and the last item, your smartphone. Smartphones have become ubiquitous, making them ideal security devices.

Your smartphone can assist with authentication by providing a unique code that you use along with your password to sign in. You can acquire that code in one of two ways: sent as a text message from the service, or generated by an app installed on your phone.

Here, for example, is what I saw moments ago when I tried to sign in to my Gmail account from a browser I had never used before.

If this sign-in request were from someone who had stolen my Google account credentials, he’d be stopped dead in his tracks. Without that code, he can’t continue the sign-in process.

I prefer the option to use an authenticator app rather than receiving codes via text message whenever possible, and so should you. The reason is simple logistics. There are times when you have access to the Internet (via a wired connection or Wi-Fi) but don’t have the ability to receive a text message, because your cellular signal is weak or nonexistent, or you’re using a different SIM while traveling.

The most popular 2FA app is Google Authenticator, which is available on iOS and Android. But if you use another platform, you can almost certainly find an alternative: Because the process for generating secure tokens is based on open standards, anyone can write an authenticator app that performs the same function.

Read more at ZDNET

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...

How to Identify Company’s Hacked Email Addresses Using Maltego & HaveIbeenPawned

This article is part of the Maltego OSINT tutorial, where you will learn to identify the already hacked account, and it’s password using the...

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable...