Why should you use an authenticator app? The short answer: because it makes your accounts much more secure. Here’s why.
In general, passwords are a poor way to protect an online account. This is because most people don’t use safe password practices. Instead, people often choose weak passwords that are easy to remember, but also easy to guess. It is also common for people to reuse passwords for multiple websites. Short passwords are also a problem since cracking them is only a matter of time.
One solution is to use a password manager that generates long, complex passwords and remembers them for you. This can eliminate both the problem of weak passwords and reused passwords. However, passwords can remain vulnerable for many reasons. As Ed Bott of ZDNet explains, “You can create a password that is so long and complex it takes you five minutes to type, and it will do nothing to protect you if the service where you use that password stores it improperly and then has their server breached. It regularly happens.” There are also the threats of phishing attacks that trick users into turning over their login credentials and malware that can steal credentials as users enter them in websites. No password is ever absolutely secure.
This is why truly strong cybersecurity requires creating layers of protection. If one type of protection fails, another is in place to stop the attack. One easy way to add effective protection to a website is to add two-factor authentication, or 2FA.
What Is 2FA And Why Do I Need It?
As we’ve discussed before, 2FA works by requiring users to prove their identity by having two of three types of credentials. For instance, you might enter a password (the first credential) into a website and then receive an access code (the second credential) by email or text. You need both the password and access code to access your account on the website. Another example is using your debit card (first credential) and PIN (second credential) to access your bank account at an ATM.
While some users find 2FA inconvenient, a 2019 study by Microsoft showed that 2FA blocks 99.9% of account attacks. But even though 2FA is highly effective at blocking hackers, it is not available on every website or app. This is where authenticator apps come in.
What Is An Authenticator App?
An authenticator app is an app that adds 2FA to accounts you want to protect. When you set up your account for 2FA, you will receive a secret key to enter into the authenticator app. This links the authenticator app to your account, because the app and the service now hold the same secret key. Once this link is established, the authenticator app will generate a 6-8 digit code that is required to access your account, similar to the access code a website would email to you.
What makes an authenticator app secure is that it is constantly generating new, temporary access codes. Even if a hacker has your password, they would still need this access code to log in. But because these passcodes are continually changing, it’s nearly impossible for a hacker to crack the code before a new code is created. In other words, for anyone to access your protected account, they must know your password and have access to your phone in a very short time frame.
What Can Be Protected By An Authenticator App?
Authenticator apps can be used to protect any application that is set up to handle 2FA. This includes many social media sites and email providers. You might want to start by activating 2FA for accounts that contain payment information. This can include obvious ones such as banking, utilities, and shopping accounts, but might also include food delivery, subscription streaming, or app store accounts such as Google Play or the Apple App Store. You can also activate 2FA with most password managers.
Some companies, such as banks, have begun including their own authenticator tools within their apps to make them more secure and to avoid relying on a third-party app to keep your data safe. However, many times 2FA must be activated in your account settings, and many apps are still unprotected unless you install a third-party authenticator app yourself.
Are Authenticator Apps Safe?
Like all security software, authenticator apps are imperfect. For instance, some authenticator apps still don’t require passcodes or biometric locks to log into them, leaving them open to anyone who accesses a user’s phone. And earlier this year, researchers discovered a strain of Android malware that can steal one-time access codes from Google Authenticator. Vulnerabilities do exist in these apps.
However, authenticator apps are still an important component of cybersecurity. Like other cybersecurity software, they are designed to be part of a security plan that includes other tools as well. Their security can also be enhanced if users follow safe security practices. Importantly, authenticator apps are still more secure than most of their alternatives, such as receiving 2FA codes through SMS.
What Should I Look For In An Authenticator App?
Many security tools are now bundling multiple services to provide full security suites. If you use a password manager like LastPass or Dashlane, you likely already have access to an authenticator tool, as well as a VPN, dark web monitoring, credit monitoring, and so on (depending on your account type). So before you set up a new account with an authenticator app, take a look at what you already have.
If you don’t have an authenticator app and you’re not sure how to pick the right one, here are a few features to keep in mind.
- Compatibility: Choose an authenticator tool that matches the platforms you work on most. Some authenticator apps can handle Android, iOS, and Windows Mobile, but others serve only specific platforms.
- Account Limits: Another feature to consider is how many accounts an authenticator app will manage for free. Some, like Google Authenticator, offer protection for an unlimited number of accounts, but others require a subscription to cover more than a certain number.
- Multiple Devices: As with most security tools, some authenticator apps allow you to install them on multiple devices, but others will require a subscription if you want to use them on more than one phone or a phone and tablet.
- Code Delivery: 2FA can deliver an access code to you through SMS, email, push notifications, or QR codes. SMS is the least secure way to receive these codes because of the risk of phishing, spoofing, and interception. As for the others, it’s a matter of user preference. But preference does matter because you’re most likely to actually use 2FA if it’s convenient for you.
- Backup: Some authenticator apps like Authy allow users to back up their security keys for each account either through cloud storage or by printing them and storing them in a secure place. Others like Google Authenticator don’t allow this, believing that creating backups introduces a security vulnerability. There are good points on both sides of the argument, so this largely comes down to user preference.
An Important Layer In Your Line Of Defense
As more and more of our secure information gets stored on our mobile devices, we are creating new opportunities for identity theft. Unfortunately, no one security tool can fully protect us against these threats because they are diverse and constantly evolving.
However, enabling 2FA on our most high-value accounts can substantially increase our online security. The easiest way to do this is through an authenticator app. Despite their vulnerabilities, authenticator apps are still mostly secure, and in conjunction with other security measures, they can be an effective line of defense against the vast majority of cyber attacks.
If you’re looking for ways to make your website or network more secure, contact TracSoft’s IT Support team today. We can work with you to develop a customized security plan that fits your unique needs. Reach out today to schedule a free security assessment and learn how you can better protect yourself and your business.