A Comparative Review of Authentication Apps: Microsoft Authenticator, Google Authenticator, and Authy


In a world where data breaches and account hacks are an unfortunate reality, the need for increased security measures has never been more important. One of the more secure forms of protection is multi-factor authentication (MFA), also known as two-factor authentication (2FA), which adds an additional layer of protection to your online accounts. Authenticator apps, such as Microsoft Authenticator, Google Authenticator, and Authy, are key tools to enable this additional security. This post will compare these three apps, focusing on their features, usability, and security capabilities.

Google Authenticator

Google Authenticator is a straightforward app that provides the basic functionalities of an authenticator app without any extra features. Unlike Microsoft Authenticator, it doesn’t offer any special options for its own services. Initially, a key drawback was the lack of online backup for account codes, which meant that if you lost your phone, you would have to set up your accounts on a new device manually.

However, Google has made significant strides in improving its app. Recently, Google Authenticator added cloud syncing, allowing users to sync their two-factor authentication codes to their Google account. This feature simplifies the setup process when you log into a new device and makes recovering from lost or stolen phones less daunting. This update also introduced a fresh new logo, switching from the drab vault look to a vibrant asterisk in Google’s colors.

Despite these updates, it’s important to note that cloud syncing may potentially introduce added risk. If a malicious actor gains access to your Google account, they could potentially gain access to a wide range of sensitive accounts. Therefore, it’s advised to apply extra caution and follow best security practices when enabling this feature.

Microsoft Authenticator

Microsoft Authenticator offers a robust feature set, including secure password generation and the ability to log into Microsoft accounts with a button press. Schools and workplaces can register users’ devices, and you can require unlocking your phone with a PIN or biometric verification to see the codes. One of the app’s key features is account recovery, which can be extremely helpful when you get a new phone.

The app also features password management options and syncs with the Microsoft account associated with the authenticator. This means you can see the saved and synced logins from the Edge browser. However, if you’ve backed up to iCloud, you can’t transfer your saved MFA accounts to an Android device, though this is true for most authenticators offering cloud backup.


Authy

Authy provides a user-friendly interface and robust security features that make it a strong contender in the realm of authenticator apps. Unlike Google Authenticator, Authy enables users to back up their 2FA tokens and restore them if their device is lost. This feature prevents account lockouts, a common issue with other authenticator apps. The backup feature is secure, with the encryption and decryption of data taking place on the device, ensuring no passwords are stored in the cloud.

One unique security measure that Authy employs is the requirement of a unique password for restoring two-factor backups and a toggle to allow (or prevent) multiple devices from being used with an account. This provides an additional layer of protection against unauthorized access.


Each of these authenticator apps brings valuable features to the table. Google Authenticator is an excellent choice for those who appreciate simplicity and are ingrained in the Google ecosystem. However, it’s worth noting that users need to be vigilant when enabling the cloud syncing feature due to potential security risks.

On the other hand, Microsoft Authenticator offers a more feature-rich environment, especially for those using Microsoft services. It provides an extra layer of security with its account recovery feature and allows for seamless integration with Microsoft’s Edge browser.

Lastly, Authy stands out with its focus on preventing account lockouts and securely backing up 2FA tokens. It provides a unique password for restoring backups and gives users the option to allow or prevent multiple devices from being used with an account, adding another layer of control over account security.

Remember, the best authenticator app for you depends on your specific needs and preferences. Whichever app you choose, the important thing is that you’re taking an extra step to protect your online accounts. Multi-factor authentication is not just a recommendation; it’s a necessity in today’s digital world.

Until next time,


Scammers and Technology – Real Life Story of Catfishing / Scammed – Part 2



As promised, part 2 is a real-life story of someone being scammed or catfished on social media. Awareness is important. Pass this story along to your friends and family. If you didn’t read part 1, read it now. Names, places, and images have been obscured to protect the scammed person.

Judy, a woman in her sixties hailing from Rhode Island, had built a life around consistency and hard work. Every day, she would clock into her job at Lowe’s, stack shelves, assist customers, and then head to her side job cleaning houses. But Judy had a hidden passion that contrasted her ordinary life – she was a massive fan of music, especially rock and roll.

One day, while on her lunch break at Lowe’s, Judy discovered a Facebook page of a man claiming to be Mick Jagger from The Rolling Stones. She was a huge fan, and interacting with him was thrilling. His posts were engaging, sharing behind-the-scenes stories about the music industry and tales of his personal life, including a tumultuous divorce he was currently going through.

Excited and starstruck, Judy reached out, expressing her admiration for his music. To her delight, ‘Mick’ responded, and they began a friendly online relationship. They discussed his music, his bandmates, and his brutal divorce. Judy felt a connection, and to support him during his trying times, she decided to donate $500 to a charity ‘Mick’ claimed to support.

Weeks passed, but Judy never received a thank you or acknowledgment from the charity. When she asked Mick about it, he profusely apologized, claiming it was an oversight.

Then, one day, ‘Mick’ shared a distressing story – his divorce was financially draining, and he was at risk of losing his recording studio. Feeling sympathetic and wanting to help her idol, Judy sent him $5,000 from her savings.

Over the next year, ‘Mick’ continued to share his struggles, and each time, Judy sent more money to help. All in all, she sent over $30,000 to the man she believed to be Mick Jagger.

While cleaning a client’s house one day, she overheard a news segment on the radio about the real Mick Jagger giving a concert in London the previous night, at the very time she had been chatting with ‘Mick’ online. A sinking feeling overcame her, and she decided to investigate further.

After much digging, she discovered the truth. The man she had been talking to was not Mick Jagger but an impersonator using his identity to scam unsuspecting fans. Judy was devastated. She reported the impersonator to the police and Facebook, but the money she had sent was gone.

However, Judy was a resilient woman. She didn’t let this setback keep her down. Instead, she used her story to educate others about the dangers of online scams and the importance of verifying identities online. She continued to work hard at Lowe’s and her cleaning business, slowly rebuilding her savings.

Judy’s story is a reminder that scams can happen to anyone, even those with the best intentions. But it’s also a story of resilience and strength. Despite being deceived, Judy did not lose her love for music, and she did not lose her spirit. She was a scam victim but refused to be defined by it. Instead, she used her experience to empower others, turning a negative experience into a positive impact.

Until next time,

The Importance of Multi-Factor Authentication and How to Enable It on LinkedIn and Facebook


In an age where cyber threats are an unfortunate part of daily digital life, protecting your online accounts is paramount. I get asked or hear about a relative/friend getting hacked because of just having a simple or easily crackable password. One of the most effective ways to bolster your online security is through Multi-Factor Authentication (MFA), often referred to as Two-Factor Authentication (2FA). In this post, we’ll dive into the importance of MFA and guide you on activating it on popular social media platforms: LinkedIn and Facebook.

What is Multi-Factor Authentication?

Multi-Factor Authentication is a security measure that requires users to present two or more forms of identification before accessing their accounts. This can include something you know (like a password), something you have (like a mobile device), and something you are (like a fingerprint).

MFA adds a layer of security to the standard username/password model, making it significantly more difficult for unauthorized users to access your accounts. Even if a hacker obtains your password, they must bypass the second (or third) authentication factor, which is typically much more challenging.

Why is Multi-Factor Authentication Important?

In an era where data breaches are increasingly common, MFA provides enhanced security for your digital accounts. Here are a few key reasons why MFA is essential:

1. Enhanced Security: As discussed, MFA makes it much harder for cybercriminals to gain unauthorized access to your account. Even if they crack your password, they must overcome the additional authentication factor(s).

2. Data Protection: By securing your account with MFA, you protect your budget and personal and professional data. This is particularly important for business accounts, which often contain sensitive data.

3. Minimized Risk of Identity Theft: Cybercriminals often use stolen account information to impersonate the account holder, leading to identity theft. By using MFA, you can significantly reduce this risk.

4. Compliance with Industry Standards: Many industries require MFA to meet security standards and regulations. For example, businesses handling credit card data must comply with the Payment Card Industry Data Security Standard (PCI DSS), which mandates MFA.

Now that we understand MFA’s importance, let’s look at how to enable it on LinkedIn and Facebook.

Enabling Multi-Factor Authentication on LinkedIn

On the LinkedIn Website

  1. Click on your avatar in the top-right corner of the LinkedIn website. In the open menu, click the “Settings & Privacy” option.
  2. Click on the Account tab, scroll down to the “Two-Step Verification” section, and click the “Change” link.
  3. The section will expand. Click the “Turn On” button.
  4. You can choose whether to use an authenticator app to generate a code for you or to receive SMS (text) messages with the code. Select your preferred method, and then click the “Continue” button.
  5. Enter your password in the prompt that appears and then click “Done.”
  6. The instructions for adding an account to your authenticator app are displayed. Add a new account in your authenticator app, scan the QR code using your phone’s camera, and once the account is created, enter the six-digit code from the authenticator app into the text box in LinkedIn and click “Continue.”
  7. Two-factor authentication is now turned on. Click on “Recovery Codes” to display the backup codes, so you can still get in if you ever lose your phone.
  8. Click “Copy Codes” and save them somewhere secure. If you ever lose or wipe your phone, you’ll need them to get into your LinkedIn account.
  9. Now that you’ve turned on two-factor authentication, you must log in again through any other devices you use, such as your phone.

On the LinkedIn Mobile App

  1. Open the LinkedIn app and tap your profile picture.
  2. Then select the “View Profile” link.
  3. Tap on the Settings gear in the top-right corner.
  4. Open the “Privacy” tab, scroll down, and tap “Two-Step Verification.”
  5. Select the “Set Up” button.
  6. Choose whether to use an authenticator app to generate a code for you or to receive SMS (text) messages with the code. Select your method and tap “Continue.”
  7. Enter your password in the prompt that appears and then tap the “Submit” button.
  8. The instructions for adding an account to your authenticator app are displayed. Add a new account to your authenticator app and tap “Continue.”
  9. Enter the six-digit code from the authenticator app into the text box in LinkedIn and tap “Verify.”
  10. Two-factor authentication is now turned on. You won’t have to enter the two-factor code on your phone, although you will have to enter it if you access LinkedIn on any other device.
  11. Tap the “Recovery Codes” link to display the backup codes, so you can still get in if you ever lose your phone.
  12. Tap “Copy Codes” and save them somewhere secure. If you ever lose or wipe your phone, you’ll need them to get into your LinkedIn account.
  13. Now that you’ve turned on two-factor authentication, you must log in again on any other devices you own using the two-factor code.

Enabling Multi-Factor Authentication on Facebook

On Facebook Web Browser

  1. Log into Facebook and select the downward arrow icon in the top-right section, then choose Settings & Privacy.
  2. Click on Settings.
  3. Choose Security & Login in the left-hand menu.
  4. Scroll down and click on Use two-factor authentication.
  5. Click on Use text message (SMS), then follow the prompts and assign the contact to receive your 2FA codes. Now, anytime you log into Facebook, you must verify a random code sent to that security method. But do beware; if you do not have access to that method, you may be unable to log into your Facebook account in the future.

On the Facebook Mobile App (Android)

  1. Open the Facebook app and tap on the three horizontal lines in the upper right-hand corner. Then, tap on Settings & Privacy, and then choose Settings.
  2. Select Security and Login.
  3. Tap on Use two-factor authentication.
  4. Choose the option to turn 2FA on. Then, verify that it is on (it gives you the option to turn it off).

On the Facebook Mobile App (iOS)

  1. Open the Facebook app on your iPhone and tap on the three horizontal lines in the lower right-hand corner.
  2. Select Settings & Privacy, followed by Settings.
  3. Choose Security and Login.
  4. Tap on Use two-factor authentication.
  5. Tap Turn On or Turn Off to enable or disable 2FA. After you’ve enabled 2FA, verify that the phone number is one where you can receive text messages and alerts.


Multi-Factor Authentication is a simple yet powerful method to add an extra layer of security to your online accounts. Requiring additional information beyond just your password makes it significantly harder for cybercriminals to gain unauthorized access to your accounts. Whether it’s a code sent to your phone via SMS or a code generated by an authentication app, this additional step can deter potential attacks and protect your personal and professional information from being compromised.

While it might seem inconvenient sometimes, the peace of mind it provides by safeguarding your digital identity and data is invaluable. The extra time it takes to enter a second factor of authentication is nothing compared to the time and stress caused by dealing with a compromised account. Considering the rising threats of cyber attacks, phishing attempts, and data breaches, Multi-Factor Authentication is no longer an option but a necessity for online security.

Remember that each layer of security you add makes it exponentially harder for anyone to break into your account. With Multi-Factor Authentication, even if someone manages to guess or steal your password, they would still need your phone or access to your email account to get in. This is a significant hurdle for cybercriminals and can be enough to deter many types of attacks.

While MFA significantly improves your account’s security, it’s also important to note that it’s not a silver bullet. It should be part of a comprehensive approach to online security that includes using strong, unique passwords, being careful about the personal information you share online, and being aware of the latest phishing and scam tactics.

As demonstrated above, enabling MFA on popular platforms like LinkedIn and Facebook is straightforward and doesn’t require any technical expertise. So, if you haven’t done so already, take a few moments to turn on MFA for your accounts and add an essential layer of security to your online presence. In today’s digital age, it’s not just about protecting your accounts; it’s about protecting your identity, personal information, and, ultimately, your peace of mind.

Until next time,


The Dangers of TikTok: A Deep Dive into the Technical Concerns


TikTok, a social media platform owned by ByteDance, a Beijing-based company, has taken the world by storm. Its short-form video content has attracted millions of users, particularly among the younger generation. However, as with any technology, it comes with its own set of risks and concerns. This blog post will delve into the technical dangers associated with TikTok, including data privacy, censorship, and potential misuse of the platform.

Data Privacy and Security

One of the most significant concerns with TikTok is data privacy. The app collects a vast amount of data from its users, including location data, device information, browsing history, and even user keystrokes and behavioral patterns. This data collection is not unique to TikTok; many social media platforms collect similar information. However, the concern arises from how this data is stored and used.

TikTok’s parent company, ByteDance, is based in China, known for its strict internet regulations and government surveillance. This has led to concerns that the Chinese government could access the data collected by TikTok. While TikTok has repeatedly denied these claims, the potential for data misuse remains a significant concern.

Furthermore, TikTok’s data security measures have also been questioned. In 2020, cybersecurity firm Check Point discovered multiple vulnerabilities in the app that could allow hackers to manipulate user data and reveal personal information. While these issues have since been addressed, they highlight the potential risks associated with the platform.

Censorship and Content Control

Another technical concern with TikTok is censorship and content control. There have been numerous reports of the platform suppressing certain types of content, particularly those that criticize the Chinese government or discuss controversial topics such as the Hong Kong protests or the Uighur crisis.

TikTok uses a combination of artificial intelligence and human moderators to monitor and control the content on the platform. While this is ostensibly done to maintain a safe and positive environment, it raises concerns about freedom of speech and the potential for political manipulation.

Potential Misuse of the Platform

Finally, there is the potential for misuse of the platform. TikTok’s popularity, particularly among younger users, makes it a prime target for cyberbullying, predatory behavior, and spreading harmful or misleading content. The platform has implemented various measures to combat these issues, including age restrictions and content moderation, but these problems persist.

Moreover, the short-form, viral nature of TikTok content can also contribute to the spread of misinformation. This is particularly concerning in political or health-related content, where misinformation can have serious real-world consequences.


While TikTok provides a unique and engaging platform for sharing short-form video content, it is not without its risks. Concerns about data privacy, censorship, and the potential misuse of the platform highlight the need for users to be aware of these issues and take appropriate precautions when using the app.

Ultimately, the responsibility for addressing these concerns lies with TikTok and its parent company and with governments and regulatory bodies. They must ensure that the necessary regulations and safeguards are in place to protect users and their data. As consumers, it is also crucial for us to stay informed about these issues and make conscious decisions about the apps and platforms we use.

And remember, while it’s fun to watch a cat playing the piano or a dog doing a backflip, it’s not so fun when your personal data is doing a backflip into the wrong hands. So, next time you’re about to share that hilarious video of you lip-syncing to your favorite song, just remember: safety first, viral fame second. After all, nobody wants their 15 minutes of fame to turn into a lifetime of privacy concerns. Stay safe, stay informed, and keep on TikToking… responsibly!

Until next time,


Scammers and Technology – How they invade your life via text, email, and social media – Part 1

Scammers are something that I have been watching for a long time. This has affected me personally with my mother, who was scammed years ago. See “Police warn ‘Jamaican lottery’ scam preys on the elderly.” When I say Scammers, I mean anybody using technology to take advantage of someone.

In this series of posts, I will break it all down starting from a consumer perspective on how people get scammed.

Simply put, what does the scammer do?

They often make false promises, such as opportunities to buy products, invest your money, or receive free product trials. They may also offer you money through free grants and lotteries. Some scammers may call with threats of jail or lawsuits if you don’t pay them. Or they may simply impersonate a famous person to gain your trust and, eventually, your money.

Scams come in many forms, but most of them try to take advantage of our honesty. Text messages, or messages in any messaging app we use, are quick to grab our attention. Studies show that the majority of incoming messages are opened within 15 minutes of receipt. Scammers know this and sometimes target consumers with “phishing” scams via text messages or another messaging service.


Text message or SMS phishing—also called “smishing”—occurs when scammers use deceptive text messages to lure consumers into providing their personal or financial information. The scammers that send smishing messages often impersonate a government agency, bank, or other company to lend legitimacy to their claims. Smishing messages typically ask consumers to provide usernames and passwords, credit and debit card numbers, PINs, or other sensitive information that scammers can use to commit fraud. It can happen like this:

“John” received a text message that appeared to be from his local credit union. The message stated that his debit card had been deactivated. The message instructed him to call a toll-free telephone number, which he did. When John received a recording that asked him to enter his debit card and PIN, he hung up. He then called his credit union and spoke to a representative who stated his debit card was working properly and the text message was a scam.

“Catherine” received a text message from a local telephone number that stated she could receive a free $1,000 shopping spree at a big discount store if she were one of the first 100 visitors to a website linked to the message. Catherine immediately opened the link and was asked to enter her email address and credit card number. Catherine noticed that the website had the same color scheme and a similar font as the store’s website, but the store’s name was spelled incorrectly, and the URL did not start with “https://” like a secure website usually does. Catherine closed the link without providing any information and called her cell phone company to report the text message as a scam.
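The two things Catherine noticed, a misspelled store name and a missing “https://”, can be checked mechanically. The following is an added example, not part of the original post: the allow-list, domain names and sample message are constructed, and the two-label base-domain rule is a simplification (production code should use the Public Suffix List).

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list: domains the recipient really does business with.
KNOWN_DOMAINS = {"examplemart.com", "examplecu.org"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def base_domain(host: str) -> str:
    """Last two labels of the host name (simplification, see lead-in)."""
    return ".".join(host.split(".")[-2:])


def assess_link(url: str, known=KNOWN_DOMAINS) -> list:
    """Return findings for one URL; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("no-https")
    if base_domain(host) in known:
        return findings
    for good in sorted(known):
        brand = good.split(".")[0]
        if edit_distance(base_domain(host), good) <= 2:
            # A near-miss spelling of a trusted domain, like the store name above.
            findings.append(f"lookalike-of:{good}")
        elif brand in host:
            # The trusted name appears, but only as part of someone else's domain.
            findings.append(f"brand-in-foreign-domain:{good}")
    return findings


def assess_message(text: str, known=KNOWN_DOMAINS) -> dict:
    """Assess every URL found in a text message."""
    urls = (u.rstrip(".,!?)") for u in URL_RE.findall(text))
    return {u: assess_link(u, known) for u in urls}


if __name__ == "__main__":
    # Constructed sample message.
    sms = "Free $1,000 spree for the first 100 visitors: http://examp1emart.com/spree"
    print(assess_message(sms))
```

A lookalike domain is still flagged when it is served over HTTPS, because a valid certificate says nothing about who owns the site.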

Social Media Scams

Scam #1: Social media phishing

Scammers create fake social media posts and profiles to convince you to share your personal or financial information. The profile may use a real company’s name or logo and often links to a fake website where you’re asked to enter your checking account or credit card number, SSN, or other sensitive information.

Common ploys include:

  • Requests to report vaccine side effects
  • Offers to receive grants or government benefits
  • Deep discounts on expensive products
  • Requests for charitable donations

If you provide your information to the scammer, it can be used to access your bank account, make fraudulent purchases, or steal your identity.

Other social media phishing tactics are quizzes that lure victims with clever questions such as “Which celebrity do you look like?” Launching a quiz app may unknowingly give a third party access to your profile data that could be used to hijack your social media account or install malware.

Scam #2: Hacked profiles with requests for money

Instead of creating a fake profile, scammers may take over an existing one. This can happen when a scammer steals a username and password through a data breach, phishing, or malware. Scammers use the hacked profile to contact the person’s friends and family, ask for money, or promote a link to a fraudulent site they own.

Scam #3: Online dating

Scammers create fake social media profiles and use the promise of love to trick naive victims into sending them money. They may use a fictional name or falsely assume the identities of aid workers, military personnel, or professionals working abroad.

Once they gain your trust, they may claim to need funds for an emergency or other hardship and convince you to share your account information or send money before disappearing.

Some telltale signs of this scam include poor or vague communication, flowery language, a small number of Facebook or Instagram pictures and posts, or a Twitter account with just a few tweets.

Scam #4: Card cracking and job scams

In card cracking schemes, scammers use social media to post opportunities to make “easy money” in a way they say is “legit.” They typically request your debit card, PIN, and/or mobile banking username and password to deposit a fake check into your account. They may ask you to report your card lost or stolen or that your username and password have been compromised in order to seek reimbursement from your bank. In exchange, scammers promise you a portion of the money you deposit.

After gaining access to your account, scammers can transfer money or deposit phony checks and quickly make withdrawals before your bank identifies the bad checks. Not only are you robbed of your money, but you may also face hefty fines and criminal charges because your participation in this scheme makes you a co-conspirator.

In job scams, victims are promised a high-paying job in return for a small “advance fee” to secure a position that doesn’t actually exist. The phony employer may also send a new employee a fake check before their start date and require them to send back some money to pay for training or supplies. If the employee deposits the fake check, they will be responsible for the check amount and any money sent to the scammer.

Pull the plug on social media scammers with Do’s and Don’ts

Proof of social media’s explosive popularity is in the numbers. In 2021, 82% of the US population had a social networking profile.

A growing number of U.S. consumers are getting scammed on social media, according to a new report by the Federal Trade Commission (FTC), which revealed that consumers lost $770 million to social media scams in 2021 — a figure that accounted for about one-fourth of all fraud losses for the year.

  • Do set your profiles to private and restrict your social media contacts to people you know personally.

  • Do be on the lookout for suspicious posts, including limited-time offers, discounts that seem too good to be true, and requests for personal or account information.

  • Do be wary of individuals you meet through social media sites, especially if they promise romance before you’ve met in person.

  • Do create a unique username and password for each app and website you use to help protect against unauthorized access across multiple accounts.

  • Don’t accept friend requests from strangers.

  • Don’t respond to online solicitations for “easy money” and be wary of requests to send money back to an employer.

  • Don’t click on suspicious links, even in posts from people you know – their accounts may have been hacked.

  • Don’t fill out every field on your social media profile, such as your phone number and home address – including these details increases the chance of identity theft should you be hacked.

  • Don’t send money to someone you have only met online. If you receive a request from a friend or family member for money, always contact them using a different method to make sure their profile was not hacked.

  • Government agencies, banks, and other legitimate companies never ask via text message for personal or financial information, like usernames, passwords, PINs, or credit or debit card numbers.

  • Don’t be rushed. Smishing scams attempt to create a false sense of urgency by implying that an immediate response is required or that there is a limited time to respond.

  • Don’t “click” open links in unsolicited text messages. Clicking the link may infect your mobile device with a virus or malware designed to steal the personal or financial information stored on the device.

  • Don’t call a telephone number listed in an unsolicited text message. To hide their identity, scammers often use email-to-text technology, shortcodes, or spoofed local numbers. You should contact any bank, government agency, or company identified in the text message using the information listed in your records.

  • Don’t respond to smishing messages, even to ask the sender to stop contacting you. Responding to smishing messages verifies that your phone number is active and that you are willing to open such messages, which may increase the number of unsolicited text messages you receive.

  • Use caution when providing your cell phone number or other information in response to pop-up advertisements and “free trial” offers. This personal information can be easily bought, sold, and traded, making you a target for smishing scams.

  • Never provide your personal or financial information in response to text messages from unknown senders. Verify the identity of the sender and take the time to ask yourself why the sender is asking for your information.

  • Use the same safety and security practices on your cell phone as you do on your computer: be cautious of text messages from unknown senders and unusual text messages from senders you know, and keep your security software and applications up to date.

My next post will investigate one particular case I was involved in, and I will detail how the person was scammed and what we did to stop them and end it. 

Until next time,

Top Cyber Security Trends of 2018: New Threats on the Horizon

Enterprise cloud security is a 24/7 job, which means IT teams must always pay attention to every aspect of a company’s private, public and hybrid cloud infrastructure. And as challenging as it is today, there will always be new cybersecurity concerns in the future.