Once, accessing online accounts involved little more than entering a username and a password. Nowadays, more and more online accounts encourage, or even require, a second form of authentication when logging in. This is known as two-factor authentication, or 2FA.

Put simply, 2FA makes sure that the person logging into your account is really you. Even if someone knows your password, they still cannot get into your account without a second special code or factor.

Passwords alone – a low bar

Unfortunately, passwords alone are a poor way to protect an online account. In the main, this is because most people don’t use safe password practices.

We’re inclined to choose weak passwords that are easy to remember but also easy to guess, and we often use the same password for multiple websites. Short passwords are a problem since cracking them is only a matter of time. Even long, complicated passwords will not protect you if the service where you use that password stores it improperly and then has its server breached.

For these reasons, two-factor authentication is becoming a normal part of accessing our online accounts.

Text codes – better, but far from perfect

You’re probably familiar with using text messages as your second layer of identity verification. Upon entering your login name and password, you’re asked to enter a six-digit code, texted to your mobile phone number.

For most of us, text-based 2FA is well understood because it uses technology that we use all the time anyway. But it’s a technology that wasn’t meant for verifying identity, and it’s an increasingly insecure option as hackers continue to find ways to exploit it.

In fact, text messages are now subject to a recent and ongoing flood of mobile phone-based hacks called “SIM swapping” or “SIM jacking”.

A SIM swapping attack occurs when an attacker convinces a victim’s mobile phone carrier to port the victim’s mobile phone number to a device the attacker owns. At this point, they can receive phone calls and text messages intended for the victim. The attacker will then use this to gain further access to any account that is protected using the victim’s mobile phone number. This can include anything from an email account to social media, banking and even cryptocurrency.

In short, crooks can re-route mobile numbers.

Basically, if you’re using texts or your phone number to verify your identity, it’s time to consider something else.

Authenticator apps – a safer option

What is an authenticator app?

Authenticator apps generate a one-time code that you use to confirm that it’s you logging into a website or service. You need physical access to your phone to gain the code.

What makes an app more secure?

Using an authenticator app to generate your 2FA codes is more secure than using text messages. The main reason for this is that it’s more difficult for a hacker to gain physical access to your phone and generate a code without you knowing about it.

An authenticator app constantly generates new, temporary access codes. Because these passcodes are continually changing, it’s nearly impossible for a hacker to crack the code before a new code is created. In other words, for anyone to access your protected account, they must know your password and have access to your phone in a very short time frame.

Further, an authenticator app on your smartphone generates codes that never travel through your mobile network. This minimises your exposure if, for example, you’re the victim of SIM swapping.

Keep in mind, the phone or device on which your authenticator app is installed must be protected with a secure password.

Complete protection against cyber fraud is difficult, if not impossible, to achieve. But the use of 2FA, and an authenticator app as your second line of defence, will significantly reduce your risk of a cyber security attack.

Setting up an authenticator app – where to begin

Step 1 – Choose your app

Most online services let you decide which authenticator app to use. There are many to choose from and you “shop” for them like you would any other app. It’s up to you to do your research and select the app which you think serves you best.

Type “authenticator apps” into your search engine, or into the app store for your phone.

Google and Microsoft each offer their own authenticator apps, but there are plenty of other options out there to consider – Authy, Strongbox and LastPass Authenticator are just a few of the alternatives.

When deciding which app appeals to you, you might consider:

  • How well the authenticator tool matches the platforms you work on most (eg Android, iOS);
  • Whether it backs up the account info (encrypted, of course) in case you no longer have the phone you set everything up on. Authy, LastPass Authenticator, and Microsoft Authenticator offer this, while Google Authenticator does not;
  • If you have an Apple Watch, whether the platform provides an Apple Watch app (Authy and Microsoft Authenticator do);
  • Whether you want a multi-purpose app, which includes additional services such as password generators and keepers.

Some companies, such as banks, and Government agencies have begun including their own authenticator tools within their online platforms to make them more secure and to avoid relying on a third-party app to keep your data safe. Your online service provider will be able to give you more information.

Step 2 – Download your app

Once you’ve decided on your app, you simply download it from the App Store (for Apple) or Google Play (for Android). You can get apps for free, though if you opt for one with additional services (such as a password keeper) you may need to pay to buy or subscribe to the app.

Step 3 – Activate 2FA for your online accounts

The final step is to activate 2FA in your account settings. You will need to do this for each individual online account. Once you’ve logged in, find your security settings page – look for this within your profile, or account name. Here, you will find the options available for 2FA, and steps for activating your preferred option.

Yes, it takes a little time and effort, but the extra security over your personal information and assets is well worth it. You don’t need to do it all at once. Perhaps start with the online accounts which present the greatest possible risks – anything banking and finance related should be at the top of your list. Next time you log in, or use SMS texting as your 2FA, take a few extra minutes to look into using an authenticator app instead. Once you have your app installed on your phone, it’s relatively quick to set up your 2FA and take your online security to the next level.

General disclaimer

This content is intended only to provide a summary and general overview of the subject matter covered. It is not intended to be comprehensive nor does it constitute advice. We attempt to ensure that the content is accurate and current but we do not warrant the content nor its currency. You should seek professional advice before acting or relying on any of the content.

How can we help?
If you'd like to discuss any aspect of your estate plans, please call us on 1300 623 936 to arrange a time to meet and we can discuss your particular requirements in more detail.
