How to get around difficult two factor authentication issues

Online security is great, but there are few things that make me panic more than a website or app telling me it requires two factor authentication (2FA) to be used.

Of course, a lot of my stress around this situation stems from my decision not to own a mobile phone, a situation that is only a problem for a dwindling proportion of the population.

Even though most of you reading this likely own a mobile phone and are comfortable confirming access to your accounts via an SMS code being sent to your phone to prove that it is you, there are still situations when 2FA might cause you some issues.

Read more: How to shop smart on social media

One such scenario can be when you travel overseas. Often people change their SIM and have a new number while 2FA is set to your regular Australian number. Other reasons could be that you have lost your phone, or you have no battery life left.

There is, however, an easy way to use 2FA when it is not convenient for a code to be sent to your phone.

The way I go about verifying my identity to most of my apps and software that require 2FA is the app Google Authenticator.

Read more: Cash in on your vintage technology

You can install the app on your computer or smartphone and then it must be connected to each site that requires a 2FA key.

The Authenticator site then provides a secret key to use over a secure channel, which is stored in the app and is used for all future logins to the site.

To log into a site or service that uses two-factor authentication and supports Authenticator, the user provides username and password to the site, which computes (but does not display) the required six-digit one-time password and asks the user to enter it.

Read more: Significant problems with telco sales practices

The user runs the Authenticator app, which independently computes and displays the same password, which the user types in, authenticating their identity.

With this kind of two-factor authentication, mere knowledge of username and password is not sufficient to break into a user’s account; the attacker also needs knowledge of the shared secret key, or physical access to the device running the Authenticator app.

The below video explains why you should try this technology.

Do you use 2FA to protect your accounts? Has this ever caught you out when you have been without your phone for some reason?

If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.

Leave a Reply

Exit mobile version