2FA or U2F: What Should You Use to Protect Yourself?

Unfortunately, SMS is not the best choice for delivering two-factor authentication codes. A code can be read straight off the phone’s lock screen if notifications are enabled, and a SIM card can simply be removed and placed in another phone, giving whoever holds it the received one-time password.

Why should you use the strongest password? Here is the answer.

Another way the code can be intercepted is by a Trojan that gets onto the phone through a recently installed application, or by exploiting weaknesses in the SS7 protocol over which these SMS messages are transmitted.

In general, SMS codes are not very secure, and in some situations they are outright insecure. So today we’ll look at alternative methods of two-factor authentication.

Find out the best password tutorial here.

#1: One-time codes in a file or on paper

A simple replacement for SMS codes is a set of one-time codes stored in a separate file or notebook. This is not the worst option, especially for services you log in to relatively rarely. Even for Facebook this method may well be suitable, particularly as a backup login method.

One-time code for protection

It works very simply: on request, the service generates and displays a dozen one-time codes on screen, each of which can later be used once to confirm a login. You then print them out or copy them onto paper and keep them in a safe. Or, even easier, you save them as an encrypted note in your password manager.

#2: Applications for two-factor authentication

The only drawback of keeping a set of one-time codes on hand is that one day you may run out and be left without access. But there is another way to create one-time codes with no such limit: simple authenticator apps.

How does it work?

Two-factor authentication applications work very simply. Here’s what you’ll have to do:

Step 1: Choose and install the desired 2FA app on your phone.

Step 2: Go to the website or service you want to use 2FA with and find the security settings.

Step 3: Select two-factor authentication.

Step 4: The service shows you a QR code that you can scan directly into the 2FA application.

Step 5: After you have scanned the code, the app starts generating new one-time codes at regular intervals, which you can use whenever you want to log in to that service.

Learn more about the benefits of QR codes here.

It is worth noting that the codes are generated on both sides at the same time, from a unique secret key that only the user’s device and the service’s server know. The most commonly used algorithm is OATH TOTP (Time-based One-Time Password).

The alternative is the older OATH HOTP algorithm (HMAC-based One-Time Password). Instead of the current time, it uses a counter that is incremented by one for each new code generated.

Compatibility of applications for two-factor authentication and services

Such applications all work on roughly the same principle, so it makes little difference which app you choose.

2FA and services for protection

However, some services prefer to build their own two-factor authentication apps that work only with them, and those services in turn do not accept any authenticator other than their own.

This is especially common among large publishers of computer games. For example, Blizzard Authenticator, Steam Mobile with the built-in Steam Guard authenticator, and Wargaming Auth are incompatible with any other service than the one they were built for.

Adobe also followed this strange path, having developed Adobe Authenticator, which works only with AdobeID accounts. But at the same time, you can use other authenticators for protection with AdobeID, so it’s not clear at all why it was necessary to develop a dedicated app.

Therefore, choose the authenticator application you like best for a set of additional functions — it will work with most services that generally support 2FA applications.

The most suitable way to manage your security is to use Utopia P2P. You can forget about passwords and data protection methods. Utopia does everything for you. It protects your data and account from third parties.

The best two-factor authentication apps

Searching for “authenticator” in Google Play or the Apple App Store gives more than a dozen results, so there should be no problem finding an app. However, you should not pick the first application that comes along, because you will be trusting it with your account keys. It is best to choose from applications created by prominent and respected developers.

Here is a list of trusted apps that we recommend.

1. Google Authenticator

Google Authenticator is one of the easiest-to-use applications for two-step authentication. The interface is as simple as the functionality: there are no additional settings. The only feature is the ability to add the tokens needed to generate new codes.

Platforms to use the app: Android, iOS.

2. Duo Mobile

Duo Mobile is another easy-to-use app. Its interface is minimalistic and uncomplicated. It differs from the first application in that it hides codes by default: to see a code, you tap the particular token.

Platforms to use the app: Android, iOS.

3. Microsoft Authenticator

Microsoft Authenticator is a multifunctional application, unlike the previous ones. It displays all existing codes, but tokens can also be hidden from prying eyes when the application is launched. It also makes logging in to Microsoft accounts through the app much easier.

Password services for protection

Platforms to use the app: Android, iOS.

4. FreeOTP

This application is lightweight: the iOS version takes up only 750 KB. It hides codes and shows them only on request. In addition, tokens can be configured manually as well as by scanning a QR code.

Platforms to use the app: Android, iOS.

5. Authy

The most popular and most downloaded application rounds off the list. All tokens are stored in the cloud, so you can easily access them from any device. They are encrypted with a key derived from the user’s password, so the data is protected and inaccessible to third parties.

Platforms to use the app: Android, iOS, Windows, macOS, Chrome.

FIDO U2F authenticators

If you do not want to use one-time codes for one reason or another, or would prefer to have a physical key to your accounts, there is another option: hardware tokens implementing the U2F (Universal 2nd Factor) standard created by the FIDO Alliance.

How do FIDO U2F tokens work?

It’s very easy to get started: you need to connect the U2F token to your device and register it with the web service. It won’t take long.

FIDO U2F authenticator

During registration of the token, the service creates a cryptographic key pair: a public key and a private key. The public key is stored on the server, while the private key is kept in a protected element of the U2F token. Thus, the private key never leaves the U2F device.

At login, the private key is used to sign the service’s challenge; the server then verifies that signature with the public key, and the login succeeds. No one can log in on your behalf, because a signature made with any other key will not verify against the registered public key.
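The registration and login exchange just described, as an added Go example that models both sides (not code from the article or from any real U2F product). The Token type stands in for the secure element, the application ID and challenge are constructed values, and ECDSA over P-256 is used as in U2F.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Token models the U2F secure element: the private key is generated inside and never leaves.
type Token struct {
	priv    *ecdsa.PrivateKey
	counter uint32
}

func NewToken() *Token {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Token{priv: priv}
}

// Register hands the service the only thing it stores: the public key.
func (t *Token) Register() *ecdsa.PublicKey { return &t.priv.PublicKey }

// assertion is what U2F signs: SHA-256 of the application ID (a look-alike site on another
// origin hashes differently), a user-presence flag, the big-endian counter, and SHA-256 of the challenge.
func assertion(appID string, counter uint32, challenge []byte) []byte {
	app, chal := sha256.Sum256([]byte(appID)), sha256.Sum256(challenge)
	msg := append(app[:], 0x01, byte(counter>>24), byte(counter>>16), byte(counter>>8), byte(counter))
	return append(msg, chal[:]...)
}

// Sign is the login step on the token: increment the counter and sign the assertion.
func (t *Token) Sign(appID string, challenge []byte) (uint32, []byte) {
	t.counter++
	digest := sha256.Sum256(assertion(appID, t.counter, challenge))
	sig, _ := ecdsa.SignASN1(rand.Reader, t.priv, digest[:])
	return t.counter, sig
}

// Verify is the login step on the service: only the registered key's signature passes.
func Verify(pub *ecdsa.PublicKey, appID string, challenge []byte, counter uint32, sig []byte) bool {
	digest := sha256.Sum256(assertion(appID, counter, challenge))
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() { // constructed demo: register, then one login challenge-response
	tok, app, chal := NewToken(), "https://example.com", []byte("constructed challenge")
	ctr, sig := tok.Sign(app, chal)
	fmt.Println(Verify(tok.Register(), app, chal, ctr, sig)) // true
}
```

Because the application ID and a fresh challenge are part of what is signed, a signature captured on one site or in one session does not verify for another site or a later login.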

Types of U2F devices

All devices compatible with the U2F standard work equally well with all services that also support the standard. There are, however, a few important differences, one of which is the interface, and that matters because it determines which of your devices the key can be used with.

USB is suitable for Windows, Mac or Linux without installing any drivers. In addition to the usual USB-A, there are U2F “keys” with USB-C.

NFC is suitable for use with Android devices.

Bluetooth is suitable for those devices that do not support NFC.

What to choose

No one but you will be able to decide what is best suited for data protection. However, the most suitable scheme is a combination of several types of protection. For example, you can protect your work email using U2F and everything else using 2FA options. Or use one as your primary method and the other as a backup.

This way, your data will always be reliably protected.

Choose anonymous ways of file sharing, protect confidential data, and forget about passwords.
