People ask for security tips to protect their accounts from being hacked. It is always recommended to create a strong and long password with upper and lower case letters, numbers and special characters.
Each password should also be unique to its account, and the account should use two-factor authentication (2FA), but the type of two-factor authentication you use also matters immensely.
The text-based authentication that we currently use, where a text with a 6-digit code is sent to your phone to verify your identity, is technically weak: these text messages were not designed to act as an identity verification tool, and the option has become highly insecure as hackers continue to find ways to exploit it.
That’s why it’s recommended to use authentication apps like Google Authenticator instead.
Don’t let the name intimidate you, there are a few extra steps to take, but the result is worth it.
Why is your phone number not good enough to verify your identity?
You may have heard of cases in which a SIM card is hijacked, known as SIM jacking, a process in which the hacker persuades the telecom company that they are you and gets a new SIM card for your number. By the time you call and report the incident, it will be too late.
The most notable use of this trick was against Twitter co-founder and CEO Jack Dorsey in 2019. But you don’t have to be a famous billionaire to be a target.
If a hacker knows enough about you to convince your mobile phone company that they are you, a customer service representative may transfer your SIM card to them. There have also been instances where cellular operator employees have received bribes to swap SIM cards, in which case the hacker will not have to know anything at all.
Putting a PIN on the SIM card may prevent some of this, but it is not guaranteed. Vice reported last March that hackers have discovered other gaps in text messaging that do not even require access to your SIM card.
“SMS, as a technology, has been around for a long time,” Mark Rogers, executive director of cybersecurity at Okta, a company that develops identity authentication technology, told Recode, adding, “It was designed to be a cheap medium to send messages. They were not designed to be secure. We built a group of security services on top of them.”
So if you are using text messages or your phone number to verify your identity, it is time to think about something else.
Authentication apps – which are usually free – need a few more steps to set up than text-based authentication. Some people may find that choosing and downloading another app, scanning QR codes and entering codes is too scary, or simply not worth the extra effort. But the truth is, it is worth it.
Achilles Talwar, Director of Product Management at LastPass, which makes a password manager and an authentication app, says, “That’s our primary goal of really promoting these authentication apps… They’re really easy to use, they’re extremely secure, and they’re convenient also. You receive instant notification in some cases.”
How to choose and use an authenticator app
Authentication apps work in the same way as text-based 2FA does, but instead of sending you a code via text message, the code appears in the app.
The code also changes every 30 seconds or so as an additional measure of protection, so that it is impossible for a hacker to guess the correct code when it changes frequently.
Many sites have recommendations for good authentication apps and the features of each, which can help you figure out which one is best for you.
One of the most popular authentication apps is Google Authenticator, and it’s from Google, so you can be confident that it will be around for a long time and that the company knows what it’s doing to keep the app safe.
But it is also one of the most basic authentication apps available. If you are looking for some other feature, Authy is highly recommended by most users, has a great interface, and lets you search within the app for a specific account (very useful if you have a lot of accounts).
You can also benefit from connecting the LastPass and 1Password authentication apps to these companies’ password managers.
Microsoft Authenticator – which, like Google, has the support of a huge and long-standing company – is also a good choice.
Some apps give you an option to have a backup of private information in the cloud or to use the app across multiple devices, which can be useful if your phone (and hence its authentication app) crashes or is lost.
And some apps even have a search function so you can easily find the app you’re trying to log into (very useful if you have a long list of logins).
How to add an account after downloading the authenticator app on your device?
Let’s use Instagram as an example of how to connect your authenticator app to your Instagram account:
Go to Settings in the Instagram app, then to Security > Two-Factor Authentication, and select the Authentication app.
From there, Instagram will request your authenticator app to open and it will automatically add your Instagram account to it. You will then see a 6-digit code in the app. Enter this code on Instagram and you are good to go.
But you are not done yet. Instagram will then show you a bunch of backup codes. Write down some or all of them, and keep them in a safe place (not on your phone). You may need them to regain access to the app or website if you lose access to your phone and your authentication app does not have a backup system.
Websites differ slightly in how setup works. Take Twitter as an example:
You must go to Settings and Privacy and then to Security and Account Access, and then to Security, then Two-Factor Authentication, and then to the Authentication Application.
From there, you will be prompted to scan a QR code using your phone’s camera, which will open the authenticator app and add your Twitter account to it. If you are unable to scan the QR code or if the app does not open properly, you can also create and enter a code manually instead.
Back on Twitter, click “Next” and enter the 6-digit code from your app. Once again, remember to save your Twitter backup code in a safe place.
Now that the setup is done, when you log into Instagram or Twitter, you will be asked to enter a code from the authenticator app. Open the app, get the code for the account you’re trying to log into, and enter it into the website or app. You can choose to do this every time you log into a site, or you can choose to do it only once if you use a device that you trust. And that’s it.
Two very important things to remember
Once the authentication app is up and running on an account, make sure to disable text message-based two-factor authentication and remove your phone number from the account (unfortunately, some apps and websites won’t allow you to do this).
And don’t use your phone number as a backup option for account recovery because phone numbers are a weak point of identity verification tools.
Finally, if you are getting a new phone, make sure to transfer the authentication app from your old device to the new device. If the authentication app requires you to have both devices in your possession to do so, be sure to plan ahead, otherwise you will have to rely on all account backup codes to manually regain access to your accounts. Not a good option but still better than being hacked.
Again, this will take a little more effort than relying on SMS-based authentication, but think about what you might lose if your accounts were hacked. You may not realize how valuable some of these accounts and the things in them are.