I slightly awakened the hornet's nest this week when I suggested that people should change from Google Authenticator in another two-factor authentication app on Android. I recommended the Author, but that's because I use it and I find it very easy. Not only does it forbid you (and other apps) from taking their screenshots, but thank you for the extra security built into Authoric (and the options you have for keeping the security of your 2FA keys or using conflicting features, such as its conflicting features the ability to quickly sync your 2FA keys. on some of your own devices).
But, of course, there are many other great apps for 2FA, and—1Password comes to mind, if you do not wish to pay for it (and should, if you do not already have a password manager). Better yet, use the hardware token of any accounts you can get, rather than your smartphone. I don't really care what you use; I, and many others, as the Author, but you are welcome to use any authentication app that works best for you.
Feeling frustrated? You shouldn't, but be can it seems like too much to process when you're not too concerned about technology or the two-factor authentication. As a Lifehacker student Jenny writes:
"I just read your article about 2FA apps, and I need a little guidance, please don't you think? I'm just a veteran and a lot of that thanks to the good people of Reddit.
This week I launched Google 2 Factor Authentication for my Reddit signon, and I haven't really found a link to how it works.
Now you say it's not safe, and I should switch to Author, right? How do I do that? If I delete one from Google on my phone, would that ruin my Reddit icon? Or will it rotate automatically? And if I go to the Author, can I install it on my tablet so if something happens to my phone I can access my accounts? And when I switch to Author, should I delete Google my phone before or after I download and open Author?
Any guidance you can give me will be greatly appreciated!
Have a wonderful day, and thank you for all the work you do to keep us all here! ”
Let's get past the basics! First, here's a simple version of how 2FA protects your accounts. You set up 2FA on a website or service and link it to the app (in this case). That app has a number in it. When you go to a website or service, you will need to download the app and provide this rotating number to confirm that you are not the shooter who got your hands on your password and password. Protection comes from the idea that while your credentials can be easily distributed in various ways, odds are so low – if not small – that an attacker will be able to guess (or brute-force) this special number that changes about every 30 seconds.
This is a bit different than when a website or service documentation gives you a number to include in the login process. This is known as 2-step verification, and though it's better than nothing, it's more secure than 2FA because it's easier for a hacker to swap your SIM-swap or otherwise your phone number – separate your messages, including these requests, and enter the field date. It is very difficult for an attacker to gain physical control of the device you are using for two-factor authentication, which is why the following is selected.
Now, to your question. In fact, he is maybe it's okay if you stick with Google Authenticator, because it's better than using a two-factor system at all. As long as you don't download malware or random apps to your device – it's usually one thing and then it doesn't matter if Google Authenticator approves the icon (at the time I wrote this).
If you want the safest, you can wait either switch to another authentication app, such as Author. Here's how I do that on Reddit:
- Use Google Authenticator to sign on Reddit as you normally would
- Turn off two-factor authentication temporarily
- Open it, and set it up with Authory instead of Google Authenticator
That's all. We should repeat this process to any location or service where you have 2FA enabled and connect it to Google Authenticator. It's a frustrating process, but it shouldn't take long; and you have at least a list of all sites that need to be configured, because you'll be able to see them within the Google app.
Once you've switched all of your accounts to Authoris and can confirm that you can access them using Author codes, remove Google Authenticator. However, sharing Author codes on all devices, the process is very simple. Install the Authory app on any other phone you want to use for 2FA. After that, jump into the Authory app on your original device and pull its settings. Tap on "Devices" below, then enable "Enable Multi-device."
After that, sign in to Authoric on your second device using whatever credentials it wants – your phone number, I believe, or the first device. Once you have configured it and realized that all your 2FA codes are synced above, go back to your original device and disable the "Enable Multi-device" setting. The new device you just configured will continue to work, however there is no other you will be able to sync your account someone else use it until you turn the switch on again.
Generally, in 2FA applications, you will need to perform the procedure I described earlier to sync the account to authentication apps on multiple devices: Signing in and disabling 2FA temporarily, restarting it, and scanning the provided QR code (whatever) using the program app authentication on each device. Otherwise, there's no way to "add" a new device and sync it.
The author is unique, and the source of some controversy of its own – though simple, this aspect makes it true Easier for an attacker to gain access to all of your 2FA combinations, if you haven't prevented them from doing that by disabling them. I love the convenience, but I can see how this can be a place to stick to people who want to be safe and have as much privacy knowledge as possible. If this is you, maybe the Author is not the perfect fit.
Do you have a technical question last night? Tired of troubleshooting your Windows or Mac? Looking for tips on apps, browser extensions, or resources to accomplish a specific task? Let us know! Tell us in the comments below or email us [email protected].