In this ephemeral world of cybersecurity, the criminals are getting craftier and more aggressive. All it takes is one slip-up and access to bank accounts, our internal network, and other privileged data is at risk. How do we know if we are secure? To make sure we are secure We can use the various types of state of the art two-factor authentication.which can be mainly boiled down to sms based, software and apps based and hardware-based yubikeys.
Unfortunately, despite the convenience of using it, the main reason that it is so popular is that SMS is not the most reliable option.Here is why ,firstly it is easy to peek at passwords sent if notifications are enabled. Even if they are off, a SIM card can be removed and installed in another smartphone, giving access to sensitive information. These messages can be further intercepted by a Trojan lurking inside the smartphone. These methods are already used in practice.With that said, we’re dealing with a live threat.In conclusion, SMS passwords are not very secure. So it’s best to look for alternatives.
First of which is an authenticator app.One-time codes can be generated using a small and very simple authenticator app which uses simple algorithms to make OTPs every 30 second. The choice of 2FA apps is surprisingly wide.I do not recommend installing the first app you lay your eyes; it may not be the most secure and that is why i suggest the following best authenticator apps
Microsoft Authenticator
- Can be configured to hide codes.
- Extra features for signing into Microsoft accounts.
FreeOTP - Hides codes by default.
- Maximum settings when creating a token manually.
Authy - Tokens are stored in the cloud, allowing them to be used on all of your devices.
- App login protected by PIN or fingerprint.
- Unlike other apps, it supports not only Android and iOS, but also Windows, macOS, and Chrome. Another alternative is to use hardware based keys one of the most popular being a YUbikey.One of the best ways to secure yourself and are the darling of data specialist, mainly because, from a user perspective, they work very simply. To get started, simply connect the key to your device and register it in a compatible service. The whole process takes just a couple of clicks.and you have the a very secure key ready.The range of such keys are very rich and wide and the big companies have started to invest into them as well For example, Google recently introduced a suite of authenticators under the banner Google Titan Security Keys.furthermore you have hardware keys like Linux keys for USB C etc
So, what to choose for two-factor authentication? There is no universal answer to this question.An authenticator app on your smartphone as the primary one and a U2F tokenwith one-time passwords in your safe as a backup is the way to go. In any case, the primary recommendation is to abstain from utilizing SMS Based one-time passwords at whatever point conceivable. Valid, it’s not generally conceivable. Money related administrations, for instance, are famously moderate and once in a while offer verification through anything other than SMS.
Author – Satvik Petwal
The Doon School
