Are you using two-factor authentication? If not, you may want to reconsider.
Two-factor authentication (sometimes referred to as verification) introduces an extra layer of security to your online accounts, usually by adding a second step to the login process. After you type in your username and password, you are prompted to enter a unique one-time code, often sent to you via SMS.
However, some internet users are turning to another method of two-factor authentication that doesn’t rely on text messaging: two-step authentication apps. These apps can be installed on your phone (or, in some cases, your computer). After filling in login information for your favorite internet site, you can use the two-factor authentication app to find your security code — with no SMS message necessary. This adds an extra layer of security to the authentication process.
To help you on your journey to increased cybersecurity, we’ve rounded up some of the handiest two-factor authentication apps currently on the market. You can read about them below.
Google Authenticator (links here are to iOS versions of the app) is a standard choice for two-factor authentication apps. To use the app, first make sure two-step verification is set up for your Google account. Once you are set up and connected with the app, you’ll be able to access codes for two-step authentication without the need for internet connection.
How does it work? The app scans a QR code on your screen and then provides you the code to type in. Though it’s made by Google, it doesn’t only work for your Google account. You can use the app to generate codes for sites like Facebook, Dropbox, and Slack.
Authy (seen above) works similarly to Google Authenticator, providing codes for two-factor authentication without the need for internet or cellular service. You can synchronize the app across multiple devices for use on your mobile, desktop or tablet.
You can secure your Authy app with a pin or TouchID protection to prevent your security codes from getting into the wrong hands if someone steals your phone or otherwise gains unauthorized access to your Authy-installed device.
Authy can be used for the same list of sites as Google Authenticator including Gmail, Facebook, LastPass and Evernote. It can also be used for increased bitcoin wallet security.
To begin using Toopher, connect your phone to any of the app’s supported services. Then, when you go through your typical login process, you’ll receive a push notification on your phone asking for authentication, which you can allow or deny. The app emphasizes user facility, with options to make the second step of your login process automatic when signing in from known safe locations like your office.
Toopher works with a host of sites, including LastPass and Mailchimp.
[For a list of popular sites that offer two-step verification of some kind, check out our article Do The Two-Step.]
Duo Mobile offers various mechanisms for two-step verification. Like Toopher, they have a push notification option, which lets you approve or deny access to sites with a quick click. The app also provides more traditional codes for manual entry.
The app also has a handy feature called Security Checkup, which provides information about the security level of the device on which it’s installed. This can help you take steps to make sure your mobile phone is as protected as possible.
Microsoft Authenticator adds an extra layer of security to your Microsoft account, increasing protection of platforms like Office and Outlook. With this app, your phone is actually used as part of the first level of authentication: you enter your username, and then are prompted on your connected phone to approve the login attempt. You then use a Face ID, fingerprint, or a pin to add the second layer of authentication.
The app can also work for non-Microsoft accounts in a more traditional fashion. You enter your username and password and then use Microsoft Authenticator to provide the second step of verification.