Keeping your accounts secure with Two-Factor Authentication

Mathijs Lagerberg
Pixplicity
Jan 22, 2019


Strong security tools are useless if they are too cumbersome to use. (Which is why we made it easier.)

Near the end of last year, question-and-answer site Quora leaked details of 100 million accounts, including encrypted passwords. Just a week earlier, Marriott announced a massive breach of no less than 500 million users, one of the biggest leaks in history. A month before that: personal data of 50 million users leaked by Facebook.

This is what a hacker looks like. Photo by Luther Bottrill on Unsplash

No matter how focused you are on security: platforms will be hacked and your data will leak eventually. In fact, it probably already has; you can even check online if you have been ‘pwned’. In the best-case scenario, the social media site or web store you’ve been using has properly encrypted your password, and you have chosen a strong and unique password for each website, preferably randomly generated by a password manager. If you’re already doing this — what else can you do to keep your online accounts secure?

Your account details are compromised, now what?

Let’s say you’ve been a loyal user of a fictional SocialWeb™ platform, and SocialWeb has been hacked. Hackers have gained access to the details of many users, including your login credentials. What are the possible scenarios?

  1. If the developers at SocialWeb did not properly encrypt your password, you should never, ever, ever trust SocialWeb with your data again (*ahem* Adobe *ahem*). If you’ve used the same password on other websites you should change it everywhere as fast as you can.
  2. If they did encrypt your password, your password is probably safe as long as it’s very, very strong. The longer your password, the exponentially harder it is to crack. Using ‘correct horse battery staple’ for a password might take 550 years to crack. However, if your password is ‘password123’ you should (a) be ashamed of yourself and (b) change it quickly, because short passwords can often simply be looked up in readily available dictionaries called ‘rainbow tables’.
  3. If SocialWeb implemented two-factor authentication (or 2FA), then your account is likely safe. Even if hackers figure out your password, your account is still protected by a second factor: a time-based, dynamic, numerical code that changes every minute or so. Neat!

Sounds good, this 2FA thing, right?

It’s like a key to your front door that goes up in flames after 30 seconds; slim chance that pickpocket on the bus makes it to your front door within that time. Let’s use it! Simply install a 2FA app on your phone and get started.

But wait — a quick and unscientific poll amongst fellow developers taught me that not even half of them have 2FA set up for their primary or work email accounts. The reason? It was annoying to set up. Though the 2FA codes are securely and conveniently generated by an app, the system breaks when your phone does. When you lose your phone, or simply upgrade to a new one, it is impossible to transfer the accounts to your new device. You have to go through the process of:

  • digging up your ‘in case of emergency’ codes,
  • disabling 2FA,
  • re-enabling it on your new phone,
  • for each and every account that you secured.

*sigh*

Which is exactly why we decided to create our own 2FA app

(Heads-up: this is where this post becomes pretty much an ad for our app, but bear with us: the app is 100% free and very excellent. I even use it myself! Money back guaranteed.)

Yep, we made our own 2FA code generator and released it for free! Our Android app has been tested by nearly 5000 beta users for the past few months, and we are proud to announce that it is finally released to the public, along with its iOS counterpart.

This free app generates the single-use password codes that you use in combination with your existing regular username and password. Much like other authenticator apps like Google Authenticator or Authy (and fully compatible!) it works with many online accounts and even without a data connection, but with many, many improvements. And most important of all:

Using this app you can finally back-up your accounts to your favourite cloud, transfer them to a new phone without hiccups, or even share them with your partner.

Only with Pixplicity Authenticator, you…

  • … will never again have to reset 2FA on all your accounts when you buy a new phone.
  • … don’t have to trust our cloud with your accounts. We don’t have a cloud and we don’t store your accounts.
  • … don’t have to trust other cloud providers with your accounts. We encrypt your back-up using strong AES 256-bit encryption.
  • … can set up 2FA codes on multiple devices. This means you can use your tablet and your phone, but also that you can share accounts with your partner, or with your colleagues.

Don’t just take our word for it — listen to one of our 4700 beta users!

No phoning home to the mothership

If you still don’t trust us with your 2FA codes, congrats! You are reasonably paranoid about security, as are we. Which is why this app does not even have permission to access the internet. There is simply no way for us to hijack your information and sell it to China! Bummer for us, great for you.

Which accounts can I use with this app?

It’s a long list and more are added every day. Since the technology behind the 2FA codes is an open standard, you are not dependent on Pix’s technology. The following are just a few well known platforms that we know are compatible:

  • Google, Microsoft, Yahoo
  • Facebook, Snapchat
  • Slack
  • Amazon
  • Dropbox
  • GitHub, BitBucket
  • Discord, UPlay
  • Lastpass and a lot of other password managers
  • Most Bitcoin trading platforms

Conclusion

Naturally, this app covers only a part of what you can do to protect your data. It aims to lock attackers out of your accounts, but you’re still at the mercy of the SocialWebs and their quality of security, and hackers might still get access to your credit card information or other personal details. However, enabling 2FA is an important (and thankfully now also an easy) step to take for increasing your personal or corporate security.

Security measures are useless if they are not used. Simplifying technology to bring it into the hands of everyone is exactly what we love to do, and what we excel at, here at Pixplicity. If you’d like to learn more about our work, shoot a message to welcome@pixplicity.com or check out pixplicity.com/work.
