Two Factor Authentication

20/12/2023 By memory_admin

Two Factor Authentication is being forced upon everybody, but what method should you use and is it any good?


At MemorySmith Computing we use hardware tokens (the next level beyond 2FA), mainly because of problems we have encountered with companies that force 2FA on you and are then unable to help when something goes wrong.

2FA using your phone is great but comes with issues. These issues usually appear when you get a new phone. The app you use will allow you to back up your authenticator for easy transfer to the new device, but fails to let you know that you cannot move between Android and iOS. Android backs up to Google and iOS to iCloud, and never shall the two talk to each other. This means that if you change the type of phone you have, you now face a long process moving your authenticator.

Moving can be an arduous task: logging into every account, setting up a new authenticator and then removing the old one. If you are lucky you get to give the authenticator a name in the service's account settings; if not, it is a roll of the dice when you remove the old one.

This can then cause issues when you make a mistake and need the company to remove the security on your account. American companies (such as GoDaddy) can be quite difficult about giving you access to your account again. With email-only support being the norm and slow response times, it can take weeks to regain access to your account.


So what else can I use? We recommend using your mobile phone number. You are less likely to change this as frequently as a mobile phone, but it still comes with the same messing around of updating account details when you do. The same is true if you use email authentication.

But don't I need to use it to stay safe? Yes and no. Two factor authentication does keep your accounts safe, mainly because people have a tendency to use the same two or three passwords for everything. Once one of these passwords is compromised, everything can be compromised.

Hackers can also bypass most 2FA if they gain access to your browser's session cookies, because a stolen cookie lets them reuse a login you have already completed without being asked for a second factor again. This makes 2FA not as safe as it could be.
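To show where that gap sits on the server side, and the controls that limit it, here is an added example that is not part of the original post and not code from MemorySmith Computing or any named service. It is a minimal in-memory session store: an ordinary request is accepted on the strength of the cookie alone (the behaviour the paragraph describes), while account-security changes require a recent second-factor check, sessions have a hard lifetime, and every session can be revoked at once. The action names, the 8-hour session lifetime and the 10-minute step-up window are assumptions chosen for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed example, not the blog's code. Lifetimes and action names are assumptions.
SESSION_LIFETIME = 8 * 3600   # absolute lifetime of a login session, in seconds
MFA_FRESHNESS = 10 * 60       # sensitive actions need 2FA completed within the last 10 minutes
SENSITIVE_ACTIONS = {
    "change_password", "add_2fa_method", "remove_2fa_method", "change_recovery_email",
}


@dataclass
class Session:
    user: str
    created_at: float       # when the user last completed password + 2FA login
    mfa_verified_at: float  # when the user last passed a 2FA challenge


_sessions: Dict[str, Session] = {}


def issue_session(user: str, now: float) -> Tuple[str, str]:
    """Create a session after a full password + 2FA login.

    Returns the session id and the Set-Cookie header the server would send.
    """
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = Session(user=user, created_at=now, mfa_verified_at=now)
    # HttpOnly keeps page scripts from reading the cookie, Secure keeps it off plain HTTP,
    # SameSite=Strict stops other sites from sending it, Max-Age bounds how long it lives.
    cookie = (f"session={sid}; HttpOnly; Secure; SameSite=Strict; Path=/; "
              f"Max-Age={SESSION_LIFETIME}")
    return sid, cookie


def _lookup(sid: str, now: float) -> Optional[Session]:
    """Return the live session for a cookie value, dropping it if its lifetime has passed."""
    sess = _sessions.get(sid)
    if sess is None:
        return None
    if now - sess.created_at > SESSION_LIFETIME:
        _sessions.pop(sid, None)  # expired: the user must log in again with password + 2FA
        return None
    return sess


def authorize(sid: str, action: str, now: float) -> str:
    """Decide what a request carrying cookie `sid` may do.

    Returns "ok", "login" (no valid session) or "step_up" (fresh 2FA needed first).
    """
    sess = _lookup(sid, now)
    if sess is None:
        return "login"
    # Ordinary actions are accepted on the cookie alone. This is the gap the post describes:
    # whoever presents the cookie is treated as the user and 2FA is never re-checked.
    if action not in SENSITIVE_ACTIONS:
        return "ok"
    # Account-security changes require a recent 2FA completion, so a copied cookie on its
    # own cannot be used to lock the real owner out.
    if now - sess.mfa_verified_at > MFA_FRESHNESS:
        return "step_up"
    return "ok"


def record_mfa(sid: str, now: float) -> bool:
    """Record that the user behind `sid` just passed a fresh 2FA challenge."""
    sess = _lookup(sid, now)
    if sess is None:
        return False
    sess.mfa_verified_at = now
    return True


def logout_all(user: str) -> int:
    """Invalidate every session for a user, e.g. right after a password change.

    Returns the number of sessions revoked.
    """
    stale = [sid for sid, s in _sessions.items() if s.user == user]
    for sid in stale:
        del _sessions[sid]
    return len(stale)
```

The two controls that matter most here are the step-up check in `authorize`, which means a copied cookie cannot by itself be used to change the password or remove a 2FA method, and `logout_all`, which ties in with the advice below about changing passwords: a password change should revoke every existing session, so a cookie copied earlier stops working at that point.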

So what should I do?

  1. Use different passwords for everything.
  2. We prefer using text codes over authenticator apps to verify who you are.
  3. Make sure you have more than one verification method on your accounts and keep your account details up to date.
  4. Investigate using a FIDO key as a physical method of verification (although they come with their own issues).
  5. Change your passwords every 6 months (checking your account details again).
  6. Use a second mobile phone number as a backup (such as a partner's device).