Why Is Two-Factor Authentication Cool and Which Good Apps Use It
About 90% of all apps we use daily require internet access. The web is a colossal source of information, but it also storage of our personal data. That’s why we need advanced protection measures to avoid any kinds of robbery and wildcat manipulations with our data. Multi-factor authentication (MFA) and Two-factor authentication (2FA) are the safest means of protecting user accounts because they don’t allow hackers to intrude having your login and password. In this article, I will explain how these mechanisms actually work and what are the best apps, that use them.
Multi-Factor authentication is a way of authentication in which you have to enter your login, password and additional code. This 4-6 digit password is generated each time you enter correct personal data. Digits may be generated inside the application or on service’s protected servers to be sent via SMS (out-of bend-mechanism). In plain words 2FA requires something, that is known only to you (password) and something you own (your unique authorized device).
Implementations of this mechanism may look differently. The oldest variant is ATM. To withdraw cash, you need something you own (your credit card) and something you know (password). It’s simple but perfect.
Another good example is 2FA by Apple. All their devices under MacOS and iOS have an integral 2FA system, but it works in their own way. Access code generation is not delegated to any third-party services. To make any system changes, you have to prove, that you are the real owner. For that purpose, the system sends an alerting notification to one of the devices authorized under a single user name. To continue, you must allow access and get a unique 6-digit code on an authorized device screen to insert it on a new gadget. To check it yourself you can quit your iCloud on your Mac and authorize again. You will receive a warning notification on your iPhone or IPad to allow access and get a generated password. Unfortunately, this option doesn’t work with applications and services by other developers.
I’ve already mentioned SMS-generated codes. They are still widely used in internet banking, Apple products, and Android devices. They are very easy to use because Apple devices are taught to autofill passwords from approved sources. Everything could be fine, but even such a massive corporation made a mistake, that undermined trust to this method. TechCrunch reports about a security firewall breach, that exposed Apple’s database of reset passwords, 2FA codes, shipping notifications and some (millions) of messages from booking.com, several financial institutions and, of course, Google. Luckily, no leaks occurred, because the breach was noticed by company employees. It’s not clear how could it happen, but Voxox company servers weren’t protected by passwords. Anyone could reach personal data knowing where to look for.
Ok, it was a problem caused by a third-party organization. Other drawbacks of SMS 2FA include response time delays, which may long up to several hours (or forever) and the possibility to intercept messages. Yes, it’s close to impossible, because you can’t know timings, but I think it’s just a question of fraudulent technologies progress.
Best Apps That Use 2FA
Here, I decided to tell you about those apps, which use strong 2FA mechanisms. Their strength lies in the ability to work away from LTE and to generate passwords offline. All applications below may be applied to websites, that require Google Authenticator by default, because they use the same algorithm of 2FA code generation and setting.
This application is truly the easiest to use on the market. 2FA is its only specialization. After you set it up, it starts generating Authy tokens (codes) to be used with your usernames and passwords. To start from scratch, you just have to link your accounts to Authy. After that, you will see, that it wakes up every time you want to get access somewhere.
All expired tokens are stored in a cloud, but active ones are fully protected offline. Encrypted data is always in a loud, but decryption is conducted offline only. This feature allows you to use Authy on multiple devices and set them up a corporate application. You can’t use Google Authenticator for that purpose, because it stores codes for a single device. So, if you lose your phone with GA, you lose your database. With Authy you can be sure to access tokens from any authorized device.
This solution has a lot more usabilities being perfect storage for any online passwords. A few years ago developers added one time passwords, so now 1Password is the most versatile 2FA hub. Link your and your family accounts (up to 5) to receive short-living codes in your clipboard automatically on any iOS, Android and MacOS device.
However, I can’t force you to give it a try, if you already use a password-managing application like Dashlane. 1Password has many features besides 2FA, so there’s no need to download it only for that purpose.
You can use 1P for both home and work needs because it allows you to create multiple storages (vaults) for data.
I would advise using this application to those people, whose job requires everyday tasks in Office 365 software. It has a convenient interface and allows you to link new iOS and Android devices without any problems. The only strict requirement is the availability of Microsoft account to be used in a bundle with iCloud. However, it’s not as good for personal purposes as Authy, because it doesn’t have a MacOS desktop client.
We may exchange endless arguments about the good and bad sides of Google software, but we can’t really avoid using them in everyday life. Many Mac users prefer Chrome, all of us use their search engine and quite a lot of people stick to Google Authenticator. It’s quite difficult to move from other apps because you have to link all accounts manually one by one. That is very annoying. However, when you finally do GA appears to be a very convenient 2FA only solution. It is obviously much more utilitarian, than all the apps above, but has all the listed features (except G-Drive sync).
My experience of using these applications shows, that they all do quite the same, but you have to choose one, that matches your personal and work purposes. The most versatile solution is 1Password, but you may lack Microsoft compatibility or feel overwhelmed by the number of extra features. In these cases, other nominees will surely help.