People constantly ask us for advice on keeping their accounts secure. Strong passwords are great and using text messages for two-factor authentication is even better, but neither of them will stop a determined hacker or identity thief. Want better security? Switch to an app.
What do I mean?
Let’s go over a few basics…
Using a strong, long alphanumeric password with upper- and lowercase letters, numbers, and special characters is a great start. Every account you have should also have its own unique password.
Two-factor authentication is even better, but when it is text message-based it relies on something that was never intended to serve as an identity verifier. It is also becoming increasingly insecure as hackers figure out ways to exploit it.
Here is where we come to authenticator apps. Setting one up can be a bit time-consuming, but it is worth the effort. Why? SIMjacking.
What is SIMjacking, you might be asking? SIMjacking, or SIM swapping, is when your SIM card information has been hacked and hijacked by a criminal. By the time you know you have been SIMjacked, it is way too late. Your accounts will have been switched by the hacker and you will have been locked out. Potentially indefinitely.
So you can see why in today’s world simply using your phone number or texts to verify your identity isn’t enough.
Authenticator apps are usually free and only take a few more steps to set up than the text-based authentication you are used to using. Some might find that choosing and downloading the app, scanning QR codes, or accepting tokens is a bit too intimidating or simply not worth the extra effort. It honestly is worth it. The apps are more secure and pretty convenient.
Authenticator apps work the same way text-based two-factor authentication does, but instead of sending you a code via text, the code appears in the app. In the app, that code also changes about every 30 seconds, an added measure of protection. That makes it almost impossible for a hacker to guess… they would have to have your phone physically in their hand.
So, what app should you pick?
Well, that is really up to you. We suggest selecting an app from a large, well-known company (like Google or Microsoft), since you know they will continue to be around. Make sure whatever app you select has a good rating and can be backed up and restored in case of a lost, stolen, or transferred phone.
Here are some of the most popular authenticators today:
Once you’ve decided on an authenticator app and downloaded it to your device, it’s time to add your accounts to it. Basically, you will need to log in to each account you want to add and activate the 2-factor app authentication option.
For example, if you use Instagram you would go to Settings > Security > Two-Factor Authentication > Authentication App. Next, open the authenticator app on your phone, add the Instagram account, add the 6-digit code the app gives you to your Instagram account, and you are done. If you use Twitter, go to Settings and privacy > Security and account access > Security > Two-factor authentication > Authentication app. From there you can either add a code or scan a QR code with your phone’s camera which will add it directly to your authenticator app. You get the point.
Each account should give you a backup code just in case something goes wrong with your phone and you need to get back into the account. Be sure to save that somewhere safe.
This all may sound annoying, but what do you stand to lose if your accounts are hacked?
Have a question or need a hand? Please feel free to ask.