Protect your accounts with 2 Factors authentication

September 26, 2019

The password problematic

Nowadays, with the high risk of passwords hacking, if someone finds your password, he can easily access to your account. Reasons are multiple. Here are some of them :

  • A website is hacked and the hacker access every e-mail & password in the database
  • You write the password somewhere and someone finds it out
  • Your password manager gets hacked
  • Someone sees you typing the password
  • You write your password on an HTTP connection and someone is listening to it

So, you need an additional layer of protection. The common point between the reasons above are: the person who knows your e-mail/pseudo & password will probably try to connect to the account using a different machine than yours (Personal smartphone, laptop pro, etc.).

2-factor authentication solutions

More and more websites propose a new service: the possibility to add a second authentication.

As usual, at the connection process, the website asks you email/password. But if the website detects a new connection (from a different machine), it will simply ask you one more step: A code to enter.

This code can be sent through SMS or a mobile application for instance.

So, if someone gets your password, he cannot log-in without having access to your code (which should require your phone for example).

The more secure solution is to have an authenticator mobile application, which deals with codes without using SMS.

SMS 2-factor authentication is still better than nothing but is not as secure as the authenticator application because it can be bypassed.

Concrete example

Let's say I want to be sure nobody can access my e-mail account because there is sensitive information on it.

First, I choose one authenticator application, let's say Authy.

Then, I go in my e-mail account settings and look for a security tab. Then I follow the steps to link the account with Authy (Usually through QR-code, or a long line of characters). And here is it!

Which service to choose?

Authy, Google authenticator, 1password, Lastpass are offering the same basic feature: code generation.

I used Google Authenticator, but moved to Authy because of the downside of Google Authenticator: If you lose your smartphone, or move to another, you need to change re-link every account. On Authy you can simply use multi-devices option, and do not be afraid to lose your phone or to change of device.

Back-up codes

You will be provided with back-up codes in case of problems (No access to the authenticator app, loose of devices, etc.). Those codes are one-usage and need to be kept safe and protected.

I highly recommend to store them in a safe place like a password manager! Wait... Did I spoil a next post? ;)

TL; DR (Too Long; Didn't Read)

Use an authenticator application to strengthen your accounts and enable 2-factor authentification.