The threat posed by hackers and cyber criminals continues to grow; long gone are the days where a strong password was enough to secure your valuable private information. A more thoughtful and complex solution is needed. Thankfully, security concerns are central to the development of modern technology and a number of options are now available.
How Secure Is Two-Factor Authentication (2FA)?
The most effective of these new security protocols use two-factor authentication, or 2FA. 2FA combines something you know with something you have: the “something” you know being the username/password for the account and the something you have being your phone or mobile device. There are a number of different protocols utilizing this basic system, going by different names—Multi-Factor Authentication (MFA), Two-Step Verification (2SV)—but the concept and goal are the same: increase the security of accounts and limit the threat of hackers and phishing attacks. Just as you would use a secure wallet, you should also maintain the security of your accounts.
Here we will be looking at some of the best 2FA apps, both for Android and iOS operating systems. There are a number of different apps available that are suitable for a wide variety of needs and use scenarios, and we will look at some of the most popular ones. However, first let’s take a look at the technology to get a better understanding of how these protocols work and why they are superior to other forms of cryptocurrency account security.
Is SMS 2FA Secure Enough For Crypto?
When accessing an account that uses SMS messages, the standard process of entering a username and password is only the first step. The second layer comes in the form of a message that is sent to your phone containing a one-time code—usually 5-6 digits. Once this code is entered, the account is free to access. The greatest advantage of this format is convenience and ease of use: most people have access to a phone capable of receiving SMS messages, and linking a phone to an account is simple. However, SMS 2FA does have its own issues.
Limitations Of SMS 2FA
The first and most basic of these issues deals with the physical limitations of cell phones and wireless networks. How will you access your online banking when your phone is dead? Perhaps you are in a dead zone and there is no signal, or the network is down for unknown reasons. Network coverage can also become an issue when travelling overseas. These limitations can prove to be extremely inconvenient.
Another concern some people have is what websites will do with their phone number once they have it. Some websites may use phone numbers for targeted advertisements. Even more troublesome are websites that utilize phone numbers for password resets: if a hacker knows your phone number and the website authorizes password resets with a phone number, someone can gain control of your account without ever needing to know the original password.
There is reason to be wary of putting your phone number out there: having the phone number associated with someone’s account can give attackers powerful ammunition. Hijacking accounts through the use of mobile numbers is known to be possible. This is reason enough for users to look for a better means of 2FA, and many have found it in the form of 2FA apps for their mobile devices.
TOTP & Push-Based 2FA
Time-Based One-Time Password, or TOTP, protocols offer greater security than standard SMS-based authentication, and their popularity has continued to grow. These processes use an application downloaded onto a mobile device, which generates codes based on a key, usually contained in a QR code.
When a website offers this type of security it will display a QR code that you then scan with your device. Once scanned, the app will create new 6-digit codes based on the key every 30 seconds to be used, along with password and username, to access the account.
This 2FA protocol has several advantages over other types of authentication. One improvement is that it can be utilized whether connected to a network or not. Also, since the codes are generated locally on your phone, even if an attacker redirects your number to their own phone they still cannot access your accounts. When using TOTP, many sites recommend printing a hard copy of the QR code, as well as several derivative codes, onto paper or plastic that can be stored in a safe location as a backup in case the mobile device is lost or stolen.
Disadvantages Of TOTP 2FA
One major disadvantage to this style is that if a phone is stolen or lost and no backups were created, you may be out of luck. It is for this reason that many websites offering this security protocol recommend using SMS 2FA as a secondary precaution. For users who regularly alternate between different devices and computers, opening the app and entering codes can be a bit inconvenient, depending on which app is used.
Some 2FA apps utilize “push-based” confirmation, which has gained popularity for its convenience. When logging in to an account a prompt is sent to a device notifying you that someone is attempting to log into the account. Only when the prompt has been answered—the button pushed—is the login completed.
Some users prefer the convenience this method offers: simply push a button, no codes, no texts. The method also makes some improvements over other 2FA formats regarding phishing attacks. Clever phishing attacks can attempt to circumvent SMS or TOTP 2FA by simply prompting users to enter the associated codes along with username/password and gain access this way. With push-based 2FA, physical control of the device is necessary to complete the process. An approximate location of the IP address where the login originated is also displayed, and since most attacks don’t come from the same area where the user is located, this can be a handy tool for spotting trouble.
Most Popular 2FA Apps
Using Authy For Crypto Exchanges
First up is the Authy 2FA app. It is a free download and is compatible with both Android and iOS. Authy offers a step by step guide to set up 2FA on most major websites and makes getting started easy for new users. It utilizes QR codes to generate different codes, called tokens, for each site making for a smooth initial set up.
A key feature of Authy is its ability to sync multiple devices, giving users easier access to data and making it very convenient without sacrificing security. Authy stores your data in the cloud, but only after it has been encrypted, and with decryption always taking place on your device, tokens are always secure. Authy also allows you to set a password, PIN protection and Touch ID to protect all of your data on your device, adding additional protection: even if someone gets access to your phone they still cannot access your decrypted tokens without a password.
An attractive and easy to use interface adds to Authy’s appeal. The ability to manage tokens and limit which tokens can be accessed from which device makes for a customizable experience that is well suited for anyone with important information spread across different websites. Authy is a well-rounded app, and our top pick, that is definitely worth looking into for anyone that wants to upgrade their cyber-security.
Securing Crypto With LastPass Authenticator
LastPass is another 2FA app worth considering. It shares many of the same features as Authy, including encrypted backups, and the option for push-notifications. An offline mode is also available, keeping the user secure even in situations where a network connection is not available. However, there are some differences worth examining.
LastPass utilizes encrypted backups to secure your tokens and ensure against lost or stolen devices. However it requires users to create a LastPass account to manage their passwords: not the worst thing in the world, however, it is an added step and some users may not enjoy being forced to use a password manager they didn’t intend to use. Add to this that the two apps—the password manager and the authenticator—are not linked and you end up with a bit of an inconvenience. It is worth noting, however, that the LastPass password manager is a well-designed, highly functional app and if a user does need a password manager this is a good choice.
Why Use LastPass?
One useful feature that LastPass provides is the ability to adjust the parameters of your tokens. Users are able to modify the duration that the code is available as well as changing the length of the code itself. While the codes must be input manually instead of using QR codes, this is still a useful tool: depending on security vs. convenience users can adjust their codes for different accounts for a more unique, customizable experience.
The biggest shortcoming for LastPass is the lack of desktop and smartwatch availability. Depending on device preferences, this could hurt the appeal of LastPass. Despite this, it is a well-designed app with strong security protocols and an easy to use interface and is worth a closer look for anyone that values account security.
Google Authenticator For Crypto 2FA
Here we have another 2FA option that is downloadable for free and works for both Android and iOS. This app has gained popularity both for its convenience and its high level of security. Like Authy, Google Authenticator functions across a variety of devices including compatibility with smartwatches and desktops and features offline mode to generate codes without a network connection.
In fact, Google Authenticator stands up well to Authy regarding security with one main difference: there are no backups created for your data on the Google 2FA app. Your database exists only on your device. This can be a bit of an inconvenience when upgrading phones or a complete nightmare if a device is stolen or damaged and hardcopies of tokens weren’t created. However, some users prefer this since it means that no tokens or passwords ever leave the device. Many people are uncomfortable with the idea of all of their tokens being stored in the cloud, even if they are encrypted as in the case of Authy.
What Are The Limitations?
However, aside from its added level of security and wide availability, Google Authenticator does have its issues. While the desktop version is available on all desktop platforms, users are limited to a Google Chrome extension. Not necessarily a deal-breaker, but worth noting. The lack of multi-device syncing may also turn off people who regularly alternate between devices, and the lack of passcode protection hurts its appeal.
While Google Authenticator set the standard for 2FA in an app, there are many new and different options available now. However for users that are uncomfortable with the idea of their tokens being stored in the cloud and prefer the bare bones, utilitarian interface this app is still a strong choice worth investigating.
Duo Mobile 2FA Security
This is a free 2FA app that was created with businesses in mind and its platform is designed to manage the accounts and passwords of multiple users. However, it can function just as well for single users and has some appealing features that are worth a closer look.
Duo has an official app for Apple Watch, which appeals to users, as well as independent apps for desktop use (Mac & Windows) so users don’t need to have their phone alongside their computer. Like Authy and other apps, Duo also supports encrypted backups of all databases on iCloud and Google Drive respectively. Push notifications and the ability to operate without a network connection also make for an easy to use, convenient app.
Duo’s team is constantly releasing upgrades and working to improve their design; however, it is not without its own shortcomings. Unlike Authy, Duo does not offer passcode protection, a feature you would expect in a security app. Another let-down is the lack of device syncing, an inconvenience that could steer some users away. Duo is an interesting app that may fulfill the needs of some and has a lot of potential for businesses looking to manage the accounts of multiple users.
Securing Crypto Assets
With the continual threat posed by hackers and phishing sites, strong passwords simply are not enough to ensure the security of your accounts. While SMS messages were sufficient in the past, the inherent vulnerability in the method has made more secure protocols necessary. Despite the minor inconvenience it poses, two-factor authentication is necessary for anyone that takes security seriously, and these apps offer a wide range of options and choices for users. Everyone is responsible for their own protection, and 2FA apps are a great way to step up security and create a safer digital experience.