If you didn't get the memo, passwords aren't enough protection for your online accounts. Even a long and complex password offers only one line of defense, and that line can fail. Two-factor authentication adds an additional layer, bolsters your defense, and decreases the risk of your account becoming compromised.
Two-factor authentication (2FA) apps create a series of numbers, known as tokens, which must be entered after logging in with your password to access your account. Since the app resides on your phone, logging in requires you to both know your password and have access to your phone, making it harder for someone else to gain access.
While there are multiple ways to implement two-factor authentication, 2FA apps offer a great balance of convenience and security. SMS messages aren't secure because they can be intercepted, and phone calls aren't convenient because you have to wait for an automated system to call your phone and read out your code. 2FA apps don't compromise in either department: the token is much harder to intercept, but remains as easy to access as an SMS message.
- Your phone
- A computer or a second mobile device
You will need to have a 2FA app to get started. If you're not sure which app to use, we have a roundup comparing the best authenticator apps available on both the Play Store and App Store. For this example, we will be using Authy, which came out on top on our list.
Even though most websites support some form of two-factor authentication, the supported methods vary. Many sites support SMS and phone calls and skip 2FA apps altogether, despite apps being the more secure method.
While apps are slowly making the shift, you should still check first to see whether your account supports this method of authentication. Use this link to search for the websites you have accounts with, and check whether each supports a "Software Token" (which indicates it can use 2FA apps).
The next step varies for each website, but we will be demonstrating with Dropbox. On either your computer or the second mobile device, sign into your account and enter "Settings" or "My Account." Search for the option labeled "Security," which in the case of Dropbox is a tab. Enable "Two-factor verification," which may also be called "two-factor authentication," "two-step verification," or "multi-factor authentication." Enter your password and choose the option "Use a mobile app." Once selected, a QR code will appear.
With Authy open, select the three vertical dots in the upper-right corner of your display and choose "Add account." Once added, select "Scan QR code," and using the designated box, scan the code on your computer or second mobile device. Authy will create an entry for the account in your database, with a prompt to edit its name if you wish. Select "Done" and you'll be presented with the new entry and a six-digit code.
This process will be similar with any other 2FA app — just look for an option to "Add account" or "Add new service."
Select "Next" on your computer and input the six-digit code. Be sure to input the code quickly, as it will expire after 30 seconds (if it expires, input the new code). After a series of prompts, select "Next" until you return to the main page with the "two-factor verification" toggle enabled.
Log out of your account and attempt to log back in. After inputting your username (or email address) and password, a new screen will emerge asking for your code. Open Authy (or whichever 2FA app you are using), find the entry for that account and memorize the code (for Authy, select the small buttons next to the code to copy it to your clipboard). Input the code where prompted by your account, and voila, you're logged in.
With 2FA apps, you can quickly add a second layer of protection to your account. While a strong password (created with a password manager) does help, in this day and age, it isn't enough. And as the recent Reddit breach shows us, SMS-based 2FA isn't secure. Using apps like Authy adds further protection to your account by requiring not only knowing a password, but having access to your smartphone.