A Comparative Review of Authentication Apps: Microsoft Authenticator, Google Authenticator, and Authy


In a world where data breaches and account hacks are an unfortunate reality, the need for stronger security measures has never been greater. One of the more secure forms of protection is multi-factor authentication (MFA), also known as two-factor authentication (2FA), which adds an additional layer of protection to your online accounts. Authenticator apps, such as Microsoft Authenticator, Google Authenticator, and Authy, are key tools to enable this additional security. This post will compare these three apps, focusing on their features, usability, and security capabilities.

Google Authenticator

Google Authenticator is a straightforward app that provides the basic functionalities of an authenticator app without any extra features. Unlike Microsoft Authenticator, it doesn’t offer any special options for its own services. Initially, a key drawback was the lack of online backup for account codes, which meant that if you lost your phone, you would have to set up your accounts on a new device manually.

However, Google has made significant strides in improving its app. Recently, Google Authenticator added cloud syncing, allowing users to sync their two-factor authentication codes to their Google account. This feature simplifies the setup process when you log into a new device and makes recovering from lost or stolen phones less daunting. This update also introduced a fresh new logo, switching from the drab vault look to a vibrant asterisk in Google’s colors.

Despite these updates, it’s important to note that cloud syncing can introduce added risk. If a malicious actor gains access to your Google account, they could gain access to a wide range of sensitive accounts. Therefore, it’s advised to apply extra caution and follow best security practices when enabling this feature.

Microsoft Authenticator

Microsoft Authenticator offers a robust feature set, including secure password generation and the ability to log into Microsoft accounts with a button press. Schools and workplaces can register users’ devices, and you can require unlocking your phone with a PIN or biometric verification to see the codes. One of the app’s key features is account recovery, which can be extremely helpful when you get a new phone.

The app also features password management options and syncs with the Microsoft account associated with the authenticator. This means you can see the saved and synced logins from the Edge browser. However, if you’ve backed up to iCloud, you can’t transfer your saved MFA accounts to an Android device, though this is true for most authenticators offering cloud backup.

Authy

Authy provides a user-friendly interface and robust security features that make it a strong contender in the realm of authenticator apps. Unlike Google Authenticator, Authy enables users to back up their 2FA tokens and restore them if their device is lost. This feature prevents account lockouts, a common issue with other authenticator apps. The backup feature is secure, with the encryption and decryption of data taking place on the device, ensuring no passwords are stored in the cloud.

One unique security measure that Authy employs is the requirement of a unique password for restoring two-factor backups and a toggle to allow (or prevent) multiple devices from being used with an account. This provides an additional layer of protection against unauthorized access.

Conclusion

Each of these authenticator apps brings valuable features to the table. Google Authenticator is an excellent choice for those who appreciate simplicity and are ingrained in the Google ecosystem. However, it’s worth noting that users need to be vigilant when enabling the cloud syncing feature due to potential security risks.

On the other hand, Microsoft Authenticator offers a more feature-rich environment, especially for those using Microsoft services. It provides an extra layer of security with its account recovery feature and allows for seamless integration with Microsoft’s Edge browser.

Lastly, Authy stands out with its focus on preventing account lockouts and securely backing up 2FA tokens. It provides a unique password for restoring backups and gives users the option to allow or prevent multiple devices from being used with an account, adding another layer of control over account security.

Remember, the best authenticator app for you depends on your specific needs and preferences. Whichever app you choose, the important thing is that you’re taking an extra step to protect your online accounts. Multi-factor authentication is not just a recommendation; it’s a necessity in today’s digital world.

Until next time,

Rob

The Importance of Multi-Factor Authentication and How to Enable It on LinkedIn and Facebook

In an age where cyber threats are an unfortunate part of daily digital life, protecting your online accounts is paramount. I get asked or hear about a relative/friend getting hacked because of just having a simple or easily crackable password. One of the most effective ways to bolster your online security is through Multi-Factor Authentication (MFA), often referred to as Two-Factor Authentication (2FA). In this post, we’ll dive into the importance of MFA and guide you on activating it on popular social media platforms: LinkedIn and Facebook.

What is Multi-Factor Authentication?

Multi-Factor Authentication is a security measure that requires users to present two or more forms of identification before accessing their accounts. This can include something you know (like a password), something you have (like a mobile device), and something you are (like a fingerprint).

MFA adds a layer of security to the standard username/password model, making it significantly more difficult for unauthorized users to access your accounts. Even if a hacker obtains your password, they must bypass the second (or third) authentication factor, which is typically much more challenging.

Why is Multi-Factor Authentication Important?

In an era where data breaches are increasingly common, MFA provides enhanced security for your digital accounts. Here are a few key reasons why MFA is essential:

1. Enhanced Security: As discussed, MFA makes it much harder for cybercriminals to gain unauthorized access to your account. Even if they crack your password, they must overcome the additional authentication factor(s).

2. Data Protection: By securing your account with MFA, you protect your budget and personal and professional data. This is particularly important for business accounts, which often contain sensitive data.

3. Minimized Risk of Identity Theft: Cybercriminals often use stolen account information to impersonate the account holder, leading to identity theft. By using MFA, you can significantly reduce this risk.

4. Compliance with Industry Standards: Many industries require MFA to meet security standards and regulations. For example, businesses handling credit card data must comply with the Payment Card Industry Data Security Standard (PCI DSS), which mandates MFA.

Now that we understand MFA’s importance, let’s look at how to enable it on LinkedIn and Facebook.

Enabling Multi-Factor Authentication on LinkedIn

On the LinkedIn Website

  1. Click on your avatar in the top-right corner of the LinkedIn website. In the open menu, click the “Settings & Privacy” option.
  2. Click on the Account tab, scroll down to the “Two-Step Verification” section, and click the “Change” link.
  3. The section will expand. Click the “Turn On” button.
  4. You can choose whether to use an authenticator app to generate a code for you or to receive SMS (text) messages with the code. Select your preferred method, and then click the “Continue” button.
  5. Enter your password in the prompt that appears and then click “Done.”
  6. The instructions for adding an account to your authenticator app are displayed. Add a new account in your authenticator app, scan the QR code using your phone’s camera, and once the account is created, enter the six-digit code from the authenticator app into the text box in LinkedIn and click “Continue.”
  7. Two-factor authentication is now turned on. Click on “Recovery Codes” to display the backup codes, so you can still get in if you ever lose your phone.
  8. Click “Copy Codes” and save them somewhere secure. If you ever lose or wipe your phone, you’ll need them to get into your LinkedIn account.
  9. Now that you’ve turned on two-factor authentication, you must log in again through any other devices you use, such as your phone.

On the LinkedIn Mobile App

  1. Open the LinkedIn app and tap your profile picture.
  2. Then select the “View Profile” link.
  3. Tap on the Settings gear in the top-right corner.
  4. Open the “Privacy” tab, scroll down, and tap “Two-Step Verification.”
  5. Select the “Set Up” button.
  6. Choose whether to use an authenticator app to generate a code for you or to receive SMS (text) messages with the code. Select your method and tap “Continue.”
  7. Enter your password in the prompt that appears and then tap the “Submit” button.
  8. The instructions for adding an account to your authenticator app are displayed. Add a new account to your authenticator app and tap “Continue.”
  9. Enter the six-digit code from the authenticator app into the text box in LinkedIn and tap “Verify.”
  10. Two-factor authentication is now turned on. You won’t have to enter the two-factor code on your phone, although you will have to enter it if you access LinkedIn on any other device.
  11. Tap the “Recovery Codes” link to display the backup codes, so you can still get in if you ever lose your phone.
  12. Tap “Copy Codes” and save them somewhere secure. If you ever lose or wipe your phone, you’ll need them to get into your LinkedIn account.
  13. Now that you’ve turned on two-factor authentication, you must log in again on any other devices you own using the two-factor code.

Enabling Multi-Factor Authentication on Facebook

On Facebook Web Browser

  1. Log into Facebook and select the downward arrow icon in the top-right section, then choose Settings & Privacy.
  2. Click on Settings.
  3. Choose Security & Login in the left-hand menu.
  4. Scroll down and click on Use two-factor authentication.
  5. Click on Use text message (SMS), then follow the prompts and assign the contact to receive your 2FA codes. Now, anytime you log into Facebook, you must verify a random code sent to that security method. But do beware; if you do not have access to that method, you may be unable to log into your Facebook account in the future.

On the Facebook Mobile App (Android)

  1. Open the Facebook app and tap on the three horizontal lines in the upper right-hand corner. Then, tap on Settings & Privacy, and then choose Settings.
  2. Select Security and Login.
  3. Tap on Use two-factor authentication.
  4. Choose the option to turn 2FA on. Then, verify that it is on (it gives you the option to turn it off).

On the Facebook Mobile App (iOS)

  1. Open the Facebook app on your iPhone and tap on the three horizontal lines in the lower right-hand corner.
  2. Select Settings & Privacy, followed by Settings.
  3. Choose Security and Login.
  4. Tap on Use two-factor authentication.
  5. Tap Turn On or Turn Off to enable or disable 2FA. After you’ve enabled 2FA, verify that the phone number is one where you can receive text messages and alerts.

Conclusion

Multi-Factor Authentication is a simple yet powerful method to add an extra layer of security to your online accounts. Requiring additional information beyond just your password makes it significantly harder for cybercriminals to gain unauthorized access to your accounts. Whether it’s a code sent to your phone via SMS or a code generated by an authentication app, this additional step can deter potential attacks and protect your personal and professional information from being compromised.

While it might seem inconvenient sometimes, the peace of mind it provides by safeguarding your digital identity and data is invaluable. The extra time it takes to enter a second factor of authentication is nothing compared to the time and stress caused by dealing with a compromised account. Considering the rising threats of cyber attacks, phishing attempts, and data breaches, Multi-Factor Authentication is no longer an option but a necessity for online security.

Remember that each layer of security you add makes it exponentially harder for anyone to break into your account. With Multi-Factor Authentication, even if someone manages to guess or steal your password, they would still need your phone or access to your email account to get in. This is a significant hurdle for cybercriminals and can be enough to deter many types of attacks.

While MFA significantly improves your account’s security, it’s also important to note that it’s not a silver bullet. It should be part of a comprehensive approach to online security that includes using strong, unique passwords, being careful about the personal information you share online, and being aware of the latest phishing and scam tactics.

As demonstrated above, enabling MFA on popular platforms like LinkedIn and Facebook is straightforward and doesn’t require any technical expertise. So, if you haven’t done so already, take a few moments to turn on MFA for your accounts and add an essential layer of security to your online presence. In today’s digital age, it’s not just about protecting your accounts; it’s about protecting your identity, personal information, and, ultimately, your peace of mind.

Until next time,

Rob