One of the pillars of the security of our online accounts is two-factor authentication. These codes are sent to our phone when we start the hiding of the app more complicated than they appear and they can significantly increase the security of our accounts.
What is two-factor authentication
When we create an account for the service we need At least two things: an identifier and a password. The identifier is sometimes email, even though some others say our alias, our name or our DNI.
When we sign in to the service, the first thing we have installed is the identifier so the service can recognize it. We then enter a password, which is priv ate and only we know, to show service to who we really are
So far the system seems to be working perfectly, though What happens when a password is hacked or stolen? Yes, the account is at risk. Today, security breaches by various companies exposing their customers' passwords have become commonplace. Whether due to past observations or attacks, it is clear that passwords themselves do not provide sufficient protection for the most sensitive accounts, here comes two-factor authentication.
Two-factor authentication, as the name implies, uses two things: password and random code generated from time to time and, again, the only one we have. We can imagine the system as a double key door, we need both keys to log in and, so if one of them is lost or someone gets one, access to the account will continue to be protected.
Each service offers variants that prove the critical nature of two things. There are services that ask us to enter a phone number, when we register, send an SMS, some use an app made by the same company to send a code and some rely on open source applic ations and we can use the code generating app that we choose. All of these solutions separate properly for safety
Send a SMS code, without a doubt, is the safest option authorization. Someone with a third-party DNI can call the operator and activate the SIM card duplicate and start receiving the codes, or the person receiving the phone can read the code on the screen.
Apps that are clearly created, though safe, have two weak points. The first is comfort, if we keep it many apps as accounts on our phones we probably prefer not to use Double factor because it is already unpleasant. The second is that customized and closed-loop solutions cannot be properly researched to ensure their correct performance.
Finally, code-generating apps like 1Password, for example, provide us the ideal combination of safety and comfort, although it involves some risks. So much so that there are rumors that in iOS 14 Apple could add Double-factor code production function directly to the system.
How two-factor authentication works for Apple
In our Apple ID the verification codes of the fact factor they are displayed right on the screen of our trusted devices, those we have signed in with with our Apple ID. As a result of this program, Apple should not rely on third-party platforms at any time, to be able to guarantee a higher level of security than other solutions.
In addition, thanks to the integration of the program with devices, codes they come in a form of appreciation when we just need them, an easy add-on that saves us from opening a specific app and searches for the code in question when we want to sign in.
From a security standpoint, accessing a third-party Apple ID may require an attacker to know the account password, be able to access a device owned by an Apple ID owner, and be able to unlock it. Keep in mind that this security function is a function of the Security Enclave, so malware on the device will not be able to detect or generate any code. So all this The actual probability of reaching without automation is very close to 0.
Double factor authentication, whether in the hands of Apple or other services, provides, in the simplest way, greater security to our accounts. And while it may not replace the tighter passwords or longer passwords, or the golden recommendation to use different passwords for each service, it is more than recommended to use it on all accounts that allow it. We'll see how to use it in our Apple ID, and use it with various recommendations to be used correctly in a future article.