How to use an authenticator app to improve your online security

Passwords alone are hopelessly weak and fragile security measures.

Don’t be fooled by the myth that creating a stronger password will somehow make you safe online. You can create a password that is so long and complex it takes you five minutes to type, and it will do nothing to protect you if the service where you use that password stores it improperly and then has its server breached. It happens regularly.

And even with reasonable policies in place (complexity, changed regularly, not reused), people are still the weakest link in the security chain. Social engineering can convince even intelligent people to enter their credentials on a phishing site or give them up over the phone.

The solution is two-factor authentication, or 2FA. (Technically, it should be called multi-factor authentication, but 2FA is the most common form, so that’s the term I’ll use in this article.)

Turning on 2FA for a service changes the security requirements, forcing you to provide at least two proofs of identity when accessing a secure service for the first time on an unknown device. Those two forms of authentication can come from any combination of at least two of the following elements:

    “Something you know,” such as a password or PIN
    “Something you are,” such as a fingerprint or other biometric ID
    “Something you have,” such as a trusted smartphone that can generate or receive confirmation codes

For the most part, the two-factor authentication systems you see in place today use the first item, your password, and the last item, your smartphone. Smartphones have become ubiquitous, making them ideal security devices.

Your smartphone can assist with authentication by providing a unique code that you use along with your password to sign in. You can acquire that code in one of two ways: sent as a text message from the service, or generated by an app installed on your phone.

Here, for example, is what I saw moments ago when I tried to sign in to my Gmail account from a browser I had never used before.

If this sign-in request were from someone who had stolen my Google account credentials, he’d be stopped dead in his tracks. Without that code, he can’t continue the sign-in process.

I prefer the option to use an authenticator app rather than receiving codes via text message whenever possible, and so should you. The reason is simple logistics. There are times when you have access to the Internet (via a wired connection or Wi-Fi) but don’t have the ability to receive a text message, because your cellular signal is weak or nonexistent, or you’re using a different SIM while traveling.

The most popular 2FA app is Google Authenticator, which is available on iOS and Android. But if you use another platform, you can almost certainly find an alternative: Because the process for generating secure tokens is based on open standards, anyone can write an authenticator app that performs the same function.

Read more at ZDNET

Ehacking Staff