In our previous blog post we spoke about what is a strong password. Building on this, we wanted to highlight another important feature to boost your online account security: Multi-Factor authentication (MFA).
Securing our online accounts is a very crucial step to ensuring we protect sensitive and personal information. One of the easiest ways to boost security is by using MFA. This typically involves receiving a code (typically on a mobile device), to be entered alongside your password.
Why should you use an Authenticator app
Passwords alone do not offer sufficient protection. Authenticator apps offer a free and secure way to create a second step of verification. If someone gets hold of your password, they still can’t access your account without the code from your authenticator app.
Authenticator apps are also a more secure method of MFA, in comparison to the more common SMS text message option. This is because most authenticator apps generate codes locally on your device, rather than sending a text message that could be intercepted by a cyber criminal.
Google Authenticator and Microsoft Authenticator are two of the most common authenticator apps that generate time-based one-time passcodes (TOTP), adding an extra layer of security to your login process. Here’s a step-by-step guide on how to set up both:
Setting up Google Authenticator
Choose the Account to Protect:
Sign in to the account you wish to secure, e.g., Gmail, Slack, discord
Typically, they will have an option to set up MFA within the settings
Scan the QR Code:
Once you select the Authenticator app as your MFA method within your account, a QR code will appear
Open Google Authenticator and tap the "+" icon
Choose Scan a QR code and point your phone’s camera at the code to easily link an account to Google Authenticator
Use the Code:
After scanning, Google Authenticator will start generating time-sensitive codes. These will typically expire and a new code will generate, just use the latest one each time you are prompted to enter a code on your online account
Setting up Microsoft Authenticator
Scan the QR Code:
Like Google Authenticator, a QR code will appear once you select Microsoft Authenticator as your 2FA method
Open the app, tap Add account, and choose Work or school or Personal account
Scan the QR code with your phone
Verify and Save:
After scanning, the app will generate codes for your account, similarly to Google, these expire after a period of time. You may need to enter a code for the first time to link the account to the authenticator app
Considerations of using an Authenticator app
One common concern of using an authenticator app is what should you do if you lose access if your device linked to the authenticator app was stolen or lost. Google offers guidance on creating backup codes, which should restore access in the event you lose your device or change information such as your mobile number. The guidance can be found here. Microsoft also has guidance, which can be found here.
You should also utilise biometric security built within your phones, such as face recognition or fingerprint scanners, in order to restrict access to the authenticator app. This provides additional security if someone was to gain access to your device, as they would have to bypass the biometric security in order for the authenticator app to open.
Overall, authenticator apps provide a simple method of boosting your online account security. Having an extra layer of defence for your online accounts is crucial for protection.
For any queries regarding your online account security or anything else from our security consultants, you can contact us here.
Comentarios