If you have an online service account that involves your personal or financial information, you need to apply two-factor authentication to it. This guide will show you how to use an authenticator app on your phone to add security to your accounts.
That includes social media like Facebook, TikTok and Twitter, email services like Gmail and ProtonMail, online storage and office suites, and financial services. Your bank almost certainly already applies 2FA, using its own mobile app as a token, which secures most financial transactions made with your card.
You should also add two-factor authentication to services such as PayPal, Stripe and Wise, and any online retailers that don’t trigger your bank’s card confirmation system when you shop with them. It’s a good idea to add 2FA to widely targeted online services such as Amazon anyway.
If you have any services that use SMS messages to authenticate you, these should also be switched to app-based 2FA, as mobile phone numbers should never be used as a proxy for identity. They're vulnerable to SIM-swap and SMS interception attacks and to specific kinds of phishing, and you can lose access to your number if it's disconnected and reallocated because of unpaid bills or other disputes with your mobile provider. A code generated on the device itself never crosses the phone network, so none of those attacks apply to it.
We’re going to use your mobile phone as an authentication device, using an authenticator app. In this tutorial, we’re going to use Google Authenticator, as it’s available for both Android and iOS and provides a consistent interface. I’ll discuss alternatives, including the integrated authenticator in iOS 15 and above, after this setup guide.
You’ll need
- A computer
- An Android or iOS smartphone
The Short Version
- Install Google Authenticator
- Get started
- Optional: Import accounts
- Add your first account
- Select your service (example: Dropbox)
- Confirm that you want to continue
- Confirm your identity
- Select your 2FA method
- Scan the QR code
- First authentication
- Optional: Add a backup mobile number
- Save backup codes
- Enable 2FA
- You’re done!
Step 1: Install Google Authenticator
Search the Google Play Store or iOS App Store for Google Authenticator and tap Install. Once installed, open the app.
Step 2: Get started
Flick through the introductory information if you’re interested, then tap Get Started.
Step 3: Optional: Import accounts
If you're transferring Google Authenticator accounts from your previous phone, select Import existing accounts, then follow the on-screen instructions to bring up a transfer QR code on your old phone and scan it on your new one. Your collection of one-time codes should appear. Note that, unlike some rivals, Google Authenticator doesn't let you back up your codes, so this transfer QR code is the only way to get them off your phone. Treat that code as carefully as a password: it contains the shared secrets themselves, so anyone who scans it gets a working copy of every account.
Step 4: Add your first account
You can add accounts to Authenticator using either a setup key or a QR code. I always recommend scanning a QR code if available – and it almost always is – as this reduces the risk of error. To add an account to the authenticator, tap Scan a QR code. You’ll then be prompted to give Authenticator access to the camera. Tap Allow.
Step 5: Select your service
In your web browser, go to a service you’d like to add 2FA to. In this example, I’m using Dropbox, where you’ll find the relevant security settings at https://www.dropbox.com/account/security – you’ll generally find multi-factor authentication options in a service’s security settings. It’s usually a link or clickable button, but Dropbox uses a toggle switch, which prompts you to set up 2FA if you haven’t previously registered an authenticator.
Step 6: Confirm that you want to continue
You'll often see a prompt explaining what 2FA is at this point. In Dropbox's case, it's an alert box where you can Learn more or Get started. Click Get started.
Step 7: Confirm your identity
Because this is a high-security operation that could be abused by someone who had gained unauthorised access to your account (for instance, to enrol their own authenticator and lock you out), you'll almost always have to re-enter your password to set up 2FA for a service, even if you're already logged in. Do so.
Step 8: Select your 2FA method
Different sites support a range of methods. Always avoid text message security codes if you can, although these are often the default because they're the most widely accessible option. Here, I'll select Use a mobile app and click Next.
Step 9: Scan the QR code
Finally, we're presented with the QR code we prepared to scan back in step 4. Line it up with your phone camera and an Account added screen displaying a code will appear on your phone. Tap Add account on the phone, then click Next on the 2FA window in your browser.
Step 10: First authentication
On your phone, you'll be looking at the main Google Authenticator screen. This lists every associated site or service, each with a six-digit code that is replaced every 30 seconds. To enable 2FA on Dropbox, type the current code into the 2FA prompt in your browser. Although most authenticator apps display the code as two groups of three digits, enter it as a single six-digit number without the space.
Step 11: Optional: Add a backup mobile number
At this point, Dropbox prompts you to add a backup phone number if one isn't currently associated with your account. This makes it easier to recover access if you lose your authenticator, but it also reintroduces the SMS weaknesses described above: anyone who takes over your number can use it to get into the account. If you're worried about that, skip this step and rely on backup codes instead. Otherwise, enter your mobile number and click Next.
Step 12: Save backup codes
Dropbox gives you a set of backup passcodes here, which is fairly common. Other services may require you to generate them separately from their security interface. Either way, these are incredibly useful, as you can use them to log in if you don't have access to your authenticator app. Each code typically works only once, so treat them like passwords: copy or screenshot them and put the file somewhere safe, preferably encrypted, such as a password manager vault. Click Next.
Step 13: Enable 2FA
You’re almost there. Dropbox shows a final prompt asking if you’re really sure you want to enable two-factor authentication. Click Next to confirm that you are.
Step 14: You're done!
The next time you log into this site from a new browser, you'll be prompted for a 2FA code as well as your password. Your security page now shows all your 2FA settings and lets you view your recovery codes or generate more if you need to. You can also disable 2FA here if you need to. Back on the phone, tap the plus sign icon at the bottom right whenever you need to add another 2FA entry to Google Authenticator.
For another example, see my guide to securing your Amazon account with two-factor authentication using Aegis Authenticator.
FAQs
What are the codes my authenticator app generates?
The 2FA codes your authenticator generates are officially called Time-based One-Time Passwords (TOTP, specified in RFC 6238). Each is a six-digit code derived from a shared secret and the current time, regenerated every 30 seconds, so a stolen code is only useful within its short window, and it must be typed into the box on the site that asked for it.
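As an added example (not code from the original article or from Google Authenticator), here is what the phone is actually doing in steps 9 and 10 and in the answer above. The QR code you scan encodes an otpauth:// URI carrying a base32 shared secret; the app combines that secret with the current time using the HOTP and TOTP algorithms from RFC 4226 and RFC 6238, and the server runs the same calculation to check what you typed. The otpauth URI and the Dropbox label below are constructed for illustration; the verification window (one 30-second step either side, to tolerate clock drift) is a typical server setting, not a value the article states.

```python
"""TOTP as used by authenticator apps: parse the enrolment QR payload,
generate codes (RFC 4226 HOTP / RFC 6238 TOTP) and verify them server-side."""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse


def parse_otpauth(uri: str) -> dict:
    """Parse an otpauth://totp/... URI, the text hidden inside the enrolment QR code."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    return {
        "label": unquote(parsed.path.lstrip("/")),   # e.g. "Dropbox:alice@example.com"
        "secret": params["secret"],                   # base32 shared secret (required)
        "issuer": params.get("issuer"),
        "digits": int(params.get("digits", 6)),       # defaults from the otpauth convention
        "period": int(params.get("period", 30)),
        "algorithm": params.get("algorithm", "SHA1").upper(),
    }


def decode_base32_secret(secret: str) -> bytes:
    """Secrets are shown in base32 (RFC 4648), often lowercase, spaced and unpadded."""
    cleaned = secret.replace(" ", "").strip().upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "SHA1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter),
                      getattr(hashlib, algorithm.lower())).digest()
    offset = digest[-1] & 0x0F                      # low nibble of last byte picks the window
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, period: int = 30, digits: int = 6,
         algorithm: str = "SHA1") -> str:
    """RFC 6238: HOTP where the counter is the number of `period`-second steps since epoch."""
    return hotp(secret, at // period, digits, algorithm)


def verify(secret: bytes, submitted: str, now: int, period: int = 30, digits: int = 6,
           algorithm: str = "SHA1", skew: int = 1) -> bool:
    """Server-side check: accept the current step plus `skew` steps either side to
    tolerate clock drift, comparing in constant time. A real server must also
    remember and reject a code it has already accepted (replay) and rate-limit
    attempts; neither is shown here."""
    submitted = submitted.replace(" ", "")          # users type "287 082" as shown on screen
    step = now // period
    return any(
        hmac.compare_digest(hotp(secret, step + d, digits, algorithm), submitted)
        for d in range(-skew, skew + 1)
    )


if __name__ == "__main__":
    # Constructed enrolment URI, as a Dropbox-style QR code might encode it (assumed, not real).
    uri = "otpauth://totp/Dropbox:alice%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=Dropbox"
    info = parse_otpauth(uri)
    key = decode_base32_secret(info["secret"])
    code = totp(key, int(time.time()), info["period"], info["digits"], info["algorithm"])
    print(f"{info['issuer']} ({info['label']}): current code {code}")
```

The known-answer values for this implementation come from RFC 6238 Appendix B (secret `12345678901234567890`, time 59 gives 94287082 at eight digits, i.e. 287082 at six); any TOTP implementation you write should reproduce them before you trust it. Note that the offline property in the next answer follows directly from the code: nothing here contacts a server, and the only external input besides the secret is the clock.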
Does my phone need an internet connection to generate codes?
No, no connectivity is required: the code is calculated on the phone from the shared secret and the current time. You just need to make sure your device's clock is accurate, because a clock that drifts by more than a minute or so will produce codes the service rejects.
Does iOS have a built-in authenticator?
Yes it does, as of iOS 15 and iPadOS 15, released in September 2021. It's built into the iCloud Keychain, and you'll find it by going to Settings > Passwords. Then add a new password or edit an existing one. Go to Account options and select Set Up Verification Code… – you'll then be prompted to Enter Setup Key or Scan QR Code, just as in the tutorial above. Users of older iOS versions will have to use a third-party authenticator.
Do I need a smartphone to use an authenticator?
While a smartphone is the obvious choice for an authenticator, as you'll have it wherever you are, Authy and Bitwarden both offer web and desktop interfaces. Bitwarden's built-in authenticator is only available on paid-for accounts. Hardware tokens such as YubiKey devices are also an option.
Can I use my authenticator on more than one device?
Yes. This is a specialist feature, popular among businesses that need to share secure logins among staff, but it also adds peace of mind if you're prone to losing or breaking your phone. I recommend Authy and Bitwarden, which can both be easily configured to work across multiple devices, and any device can be removed via a web interface if it's lost.
Google Authenticator has limited multi-device support: it requires you to scan the enrolment QR code on every device you wish to use, or to use the account transfer QR code to add a duplicate device, so I don't recommend it for this purpose.
Do I need Google Authenticator for Google accounts?
No, you can use any authenticator. On a related but separate note, you can also use any Android or iOS device for passwordless sign-ins to Google services.
Do I need Microsoft Authenticator for Microsoft accounts?
No. Microsoft strongly encourages you to use its own Microsoft Authenticator platform – you'll encounter prompts to do so when interacting with it for everything from Azure and Office 365 to Minecraft. Microsoft Authenticator is a great tool, with an easy-to-use number-matching challenge for passwordless access to Microsoft services and increasingly capable password management features. However, if you'd rather avoid having multiple authenticators on your phone, say "No thanks" when prompted to get Microsoft Authenticator and go to the Additional security options page on your Microsoft account to set up a different authenticator app.
Is Google Authenticator open source?
Google Authenticator is no longer open-source software, but plenty of rivals are. I use Aegis Authenticator on Android, available via both the open F-Droid store and the Google Play Store. Bitwarden's authenticator is also open source, as is FreeOTP, among others. The advantages here are that their code can be publicly audited for security, and that you won't be tied into any specific ecosystem.
Can I use my own authenticator with Steam?
No. Steam Guard uses an unconventional form of TOTP and doesn't support third-party hardware or software tokens. 2FA for Valve's gaming platform and its marketplace is currently only available via the dedicated Steam Guard Mobile Authenticator.
Is two-factor authentication the same thing as multi-factor authentication?
Yes. Multi-factor authentication (MFA), 2-step verification and two-step verification (2SV) are the most common alternative terms you'll encounter.