Has anyone here used a 2-factor authentication app?

Reverend Conehead

Two-factor authentication is a useful tool for thwarting scammers. Many of you probably use it. If you aren't familiar with it, it's where the company (such as a bank, a security company, etc.) requires a code sent to you (often via text to your phone), and that code is required in addition to your login and password. Thus, even if a criminal somehow got your user name and password to your bank, they could not get in. However, I wrote in another post of another problem that has come up. Criminals will hack someone's phone service by tricking their service provider into sending them a new SIM or an E-SIM. Basically, they do what you would have done if your phone were lost, stolen or broken. You would get a new SIM to transfer your service to your new phone. So the crook pretends to be you, gets the SIM, and then suddenly they get all your calls and texts, and you're shut out. It's slimy and crooked, and these scumbags belong in prison.
...
I've recently found out about 2-factor authentication apps for Android and iOS. If you're getting that 2-factor code via an app, the crook can't get the code via the usual SMS text. I'm thinking of doing that. Plus, I've been needing to find a way to get my 2-factor code if I'm in Switzerland visiting family. The app would work there if I'm on wifi or if I get data from a phone service there. Of course, you would have to make sure and use a really good password, or biometrics, with the app. Otherwise, if the criminal figured out you're using that particular app, they could try to hack in via brute-force password cracking. However, a high-level password won't be cracked. You can always check if your password is hack resistant from the online Kaspersky Password Checker.
...
Another option for 2-factor is a keyfob. You can put the little device on a keychain, and it gives you codes throughout the day, regularly changing them like every 10 minutes or something. The company, like the bank or whoever, would need a corresponding device so that only you and the bank have the code. That's probably even more secure than the 2-factor app, but I'm not sure if it would work in Switzerland or some other country.
...
The bottom line is, a 2-factor app or a keyfob makes it so the criminals can't get into your bank account (or other company account) even if they successfully SIM-swap/hijack your phone number. You would still have the hassle of your phone suddenly not working, but at least you just have to get that corrected. At least they're not able to steal money from your bank account or do other crooked things.
 

Creeper

I have used Google Authenticator and Authy, which both work the same way. You synchronize the app on your phone with code on the server you want to access. When you log in you open the app and it will generate a 6-digit numerical code which you provide to the server in a certain amount of time. If the code generated on your phone app matches the code calculated by the server you are given access. These apps are as good as the protection you put on your phone. If you lose your phone then the person who finds it has control of the second factor of authentication. But websites usually require a regular password too. So, someone has to have your password and authenticator app to get into the website.

The only problem I have ever had was when I upgraded my iPhone. The app is linked to the phone so if you change phones and download the app to the new phone it will not be in sync with the server. I use the apps to access crypto exchanges and I had to go through a process of proving my identification before I could re-sync the authenticator apps. It was a pain in the butt and it took a few days but I think this is the way you want an authenticator to work.

Two-factor authentication apps are a lot easier than those stupid website apps that make you check the boxes that show a bike or road sign. Those fail about 50% of the time.
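
[Added example, not part of the thread or any poster's code] The code matching described in the post above is the TOTP scheme from RFC 6238, which Google Authenticator implements: phone and server share a secret set up at enrollment and each derives the 6-digit code from that secret and the current time. The Python sketch below uses the RFC's published test key as the shared secret; the "new phone" secret and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct
import time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Code for the time step containing `at` (RFC 6238, HMAC-SHA1)."""
    counter = int(at) // step                      # 30-second window number
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, at: float,
           step: int = 30, drift: int = 1) -> bool:
    """Server side: accept the current window plus `drift` windows either
    side, to tolerate clock skew and typing delay."""
    ok = False
    for skew in range(-drift, drift + 1):
        expected = totp(secret, max(0, at + skew * step), step)
        # Constant-time comparison so timing does not leak matching digits.
        ok |= hmac.compare_digest(expected, submitted)
    return ok

# RFC 6238 test key, standing in for the secret exchanged at enrollment.
ENROLLED_SECRET = b"12345678901234567890"
# Constructed: a fresh install that was never enrolled holds another secret.
NEW_PHONE_SECRET = b"constructed-secret-0"

if __name__ == "__main__":
    now = time.time()
    code = totp(ENROLLED_SECRET, now)
    print("phone shows:          ", code)
    print("server accepts now:   ", verify(ENROLLED_SECRET, code, now))
    print("server accepts +5 min:", verify(ENROLLED_SECRET, code, now + 300))
    # Nothing travels over SMS, so a SIM swap does not expose the code; the
    # cost is that a new phone must be re-enrolled to receive the secret.
    stale = totp(NEW_PHONE_SECRET, now)
    print("un-enrolled phone ok: ", verify(ENROLLED_SECRET, stale, now))
```
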
 

Reverend Conehead

Both Google Authenticator and Authy were highly rated on some review sites. I'm still going to talk with my bank's security department first. But you're right. I make my phone tough to get into. Plus, I don't put much on it. I have my bank's app on it, but I keep it logged out at all times and just memorize my password. I only log in long enough to use the features I need and then log out.