It might be time to switch from SMS 2FA codes to an authentication app

Valentine Muhamba Avatar
authentication app

I think we have all encountered two-factor authentication (2FA) from time to time. This could have been when setting up an email or any other account online. 2FA is a measure that offers us a second layer of protection when we are logging in to Gmail or even ZOOM. After entering a password users get a prompt to check out phone for an SMS code to proceed. I usually went the SMS route to get the 2FA codes in order to log into my accounts. But there is a risk associated with using SMS for two-factor authentication.

The risk of SMS two-factor authentication

For a good long while I thought that SMS 2FA was bulletproof but there was a danger I had overlooked. Your mobile network operator is the intermediary between you and the one-time password that will allow you to proceed. That presents a real problem because services require you to have one number linked to your account.

Hackers or anyone with the where with all, can clone or move your phone number to another device. A study published in January this year revealed that some US carriers were vulnerable to these sim swap attacks. If someone is able to do this then they could gain access to accounts that are linked to that number. A way to avoid a situation like this is by using an authentication app.

What is an authentication app?

Authentication apps generate one-time passwords for two-factor authentication. The one-time passwords are created by an algorithm and they are time-sensitive. This means that the password the application gives you will only work for a short time until another is generated. We briefly touched on authentication apps when ZOOM rolled out an update that allowed users to include 2FA when logging in. Since that time I have tried out a number of authentication application:

I can’t really nail down why but I preferred Google Authenticator but the others are really good too. It’s really simple to add an authentication app as your 2FA option, we can take Gmail as an example using Google Authenticator:

How-to

  • Download Google Authenticator (iOSAndroid)
  • Enable two- factor authentication (if you haven’t already) by going to myaccount.google.com
  • Click Security on the left side of the screen
  • Scroll down to the Signing into Google section
  • Look for the option to turn on 2-step verification (if it isn’t already on select the option to turn it on)
  • If you haven’t already enabled 2FA then you’ll get prompts to enter your Gmail account password. You’ll need to enter your phone number and then choose SMS.
  • You’ll get an SMS code that will allow you to complete 2FA setup
  • On that same page, you will see options for how you want to receive your codes. Click the option that reads “Choose other option”
  • Select the Google Authenticator
  • You will then be prompted to select the type of mobile operating system. Choose the device that you have installed the Google Authenticator on.
  • You’ll then be presented with a QR code to scan.
  • Open Google Authenticator app on your device. Click the plus icon in the bottom right corner and scan the QR Code.
  • You’ll then be prompted to enter the code that comes up in the Google Authenticator.
  • Enter the code and click done.

You’ll still get codes using Google Authenticator if you don’t have an internet connection on your mobile phone.

When you log into your Gmail you’ll have to enter your password as usual but you’ll also have to enter the code generated by Google Authenticator.

,

3 comments

  1. Nicolas Roquefort-Villeneuve

    As I like to say: Replacing 2 with M doesn’t necessarily cut it. And that includes those passwordless solutions that leverage basic biometrics (Touch ID, Face ID) that can be easily spoofed. I believe that without an indisputable ID-proofing and authentication process that involves the use of advanced biometrics (liveness test) and the user data being stored encrypted in the Blockchain, we’ll actually continue to be able to buy ($1 for all the info inherent to a bank account) user data on the Dark Web…

  2. Cara handal

    authentication process that involves the use of advanced

  3. best Headache meds

    Thanks for your suggestions. One thing I’ve noticed is the fact that banks as well as financial institutions really know the spending routines of consumers as well as understand that many people max away their own credit cards around the vacations. They sensibly take advantage of this particular fact and begin flooding your own inbox as well as snail-mail box along with hundreds of Zero APR credit card offers right after the holiday season finishes. Knowing that if you’re like 98% of all American open public, you’ll leap at the opportunity to consolidate credit debt and move balances to 0 annual percentage rates credit cards. feeeegj https://headachemedi.com – best Headache medications

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.