Authy
Discover what two factor authentication is and how it can help you.
1 Introduction
What is two factor authentication (2fa) and why is it important?
2fa is the process where a person must provide two different forms of identity to become authenticated. The goal of using a second form of authentication is to make it harder for a would-be thief by adding an additional layer of security. The more layers, the greater the chance that a casual thief will move on to an easier target. It does not make it impossible as there is always a way into a system for someone determined enough and with enough money.
More information can be found on the Wikipedia site here: https://en.wikipedia.org/wiki/Multi-factor_authentication
2 How does using 2fa help protect you?
By using a second form of authentication you hinder a would-be attacker and make their task of authenticating as you harder. In the case of website logins, instead of just requiring your email address and password to login, with 2fa they would also require a second piece of information. In the case of using Authy, they would also need your mobile phone.
3 Different types of 2fa
The main five different options for two factor authentication are:
| Type of authentication | Security level | Ease of use | Notes |
|---|---|---|---|
| SMS | 1 | 3 | Almost everyone has a mobile phone so adoption is easy however attackers can intercept SIM messages |
| App-Generated Codes | 2 | 2 | Most people have smart phones or a computer so adoption is easy. Harder for an attacker to gain access |
| Physical Authentication Keys | 3 | 1 | Harder for an attacker to gain access but also much harder to use. |
| App-Based Authentication | 2 | 2 | Most people have smart phones. Includes Authy, Microsoft & Google Authenticator apps |
| Email-Based | 1 | 3 | Easy to adopt as almost everyone has an email address however attackers can access mailboxes if they’re not secured with a 2fa |
Most companies will not offer all of the different types. Usually they offer a small subset.
Something is better than nothing.
4 Companies using a type of 2fa
More and more companies are recognising the value to their customers by offering additional authentication methods. This website aims to track them: https://twofactorauth.org/ You can search their website to see if either the company you use, or a competitor offer additional security measures for their customers. It is also possible to submit new entries you find that are missing from their list.
See the guide here for related information: https://github.com/2factorauth/twofactorauth/blob/master/CONTRIBUTING.md
5 Using Authy
I have chosen to look at Authy as it strikes the right balance of ease of use and security.
To get started, download the app to a mobile phone. You have the option of installing it to a computer though
I have not seen the need.
The download links can be found here: https://authy.com/download
Once installed, use the guides from the Authy website to help you get started: https://authy.com/guides