The Benefits of Authenticator Apps
Nov
29
To use an authenticator app:
- Sign up and install an authenticator app on your mobile device.
- Go to any of your online accounts that support two-factor authentication (2FA).
- Choose the option to use an authenticator app.
- Tap on Add Account in your authenticator app.
- Tap on Scan QR Code in your authenticator app and scan the code the website shows you.
- Your authenticator app will add your account, giving your account a name and icon.
- The next time you sign into your account, you will need to open your authenticator app to enter an access code, which will only last for about 60 seconds before a new code generates.
How Authenticator Apps Work
Authenticator apps use a time-based one-time password (TOTP), a standardized method that generates a routinely changing code based on a shared secret. When setting up 2FA with an authentication app, the server of whatever online account you’re using creates a secret key made up of random numbers and letters. Then, users can save this key by either scanning a QR code or manually entering the longer code into their authenticator app. Doing this then shares the secret key between the server and the user’s phone.
When logging into their account next time, the server asks for proof of this key by prompting users with an access code. Users will then have to open their authenticator app (be it Google, Microsoft, etc.) and enter a six to eight-digit access code to log in. This code, however, isn’t the secret key. Instead, the authenticator app uses a secure-hash function to mix the secret key with the current time to produce a temporary access code. To make it even more secure, the access code is only valid for about 60 seconds, making the code that much more unique.
Why Authenticator Apps Are More Secure Than Text-Based Verification
Another way to protect your online accounts can be through a text message or SMS verification. But SMS verification ties directly to a user’s phone number and SIM card. Ultimately, this means that anyone with access to a user’s phone and/or SIM card can log in with SMS verification. A cybercriminal can attain a user’s SIM card by convincing a mobile provider to send them a SIM card with your number. Or they can intercept your text messages, also known as a “man-in-the-middle” attack.
An authenticator app makes it harder for cybercrime to occur by constantly changing access codes after about 60 seconds. So, if thieves do manage to intercept both the access code and a user’s password, they have a very limited time to use it. And while there are still ways for criminals to hack your account, having 2FA in place for online accounts is still better than not having one at all. And it’s why our password manager, Pass Wizard, gives users the option to add 2FA to their account, either through SMS or one-time password (OTP) via an authenticator app.
Pacific Software Publishing, Inc. 1404 140th Place N.E., Bellevue, WA 98007 |
PSPINC Creates Tools For Your Business |
Pacific Software Publishing, Inc. is headquartered in Bellevue, Washington and provides domain, web, and email hosting to more than 40,000 companies of all sizes around the world. We design and develop our own software and are committed to helping businesses of all sizes grow and thrive online. For more information you can contact us at 800-232-3989, by email at info@pspinc.com or visit us online at https://www.pspinc.com. |
The term "QR Code" is a registered trademark of DENSO WAVE INCORPORATED.