Long gone are the days when nobody was aware of online threats and a simple password was enough to protect your accounts. Nowadays, an account without two-factor authentication (2FA) enabled is considered insecure. There are many authentication apps on the market, with Google Authenticator being the most popular one. Here’s what you need to know about it.
More than 40 billion records were exposed in data breaches in 2021, making it the worst year for cybersecurity ever. A significant part of these records are stolen passwords that ended up on the dark web. As we discuss in our dark web case study, hackers can make a lot of money selling your stolen data. If you use passwords to secure your accounts without any additional protection, you’re putting yourself at risk. Threat actors can buy a list of leaked or stolen credentials, and if your credentials are included, they could take over your accounts.
When you have 2FA enabled, the chances of exposing your accounts are much lower. Two-factor authentication means that after typing your password, you also need to authenticate yourself via a text message, token, or app.
While tokens and text messages have lost their credibility over the years, authentication apps are considered the most secure way of verifying your identity. Microsoft Authenticator, Authy, and Duo Mobile are a few well-known names on the authentication market. But let’s focus on Google Authenticator.
When you set up two-factor authentication on an account you want to protect with Google Authenticator, the app generates a six-digit code that you need to enter to log in. For security reasons, the code changes every 30 seconds, so you don’t have a lot of time to enter it. The app works on Android and iOS.
You can set up two-factor authentication with Google Authenticator on popular services like Gmail, Instagram, Facebook, Twitter, and LinkedIn. When you open the app, you can see all the services linked with your Google Authenticator account.
The app also allows you to transfer your connected accounts from your old smartphone to a new one, so you don’t need to set up everything from scratch.
Google Authenticator is considered to be a safe app. However, two-factor authentication is not a panacea for all security ills, and Google Authenticator should be used with its limitations in mind.
The app itself is not secured with a password, so if your smartphone is stolen, wrongdoers can access your codes without any additional effort. While the chances this will happen to a regular person are low, a targeted attack on a high-net-worth individual may be more likely.
Before setting up Google Authenticator, go to the security settings of a service you want to protect with 2FA. Look for a QR code or a key, which you will need later for connecting with Authenticator.
Google Authenticator doesn’t provide any backup options if you lose or break your smartphone. This means you won’t be able to access your accounts when logging in from an unrecognized device or browser. Here are three workarounds that may save you trouble in the future.
Most services that offer a 2FA option also provide users with backup codes. If you can’t authenticate yourself via Authenticator, you can enter a backup code and confirm your identity. However, this only works if you copied the backup codes beforehand and kept them in case something happens.
If you use 2FA on multiple services, it’s inconvenient to copy the codes for each of them. Keeping the codes on your computer or printing them is also not the best cybersecurity practice. A better option is to store them in an encrypted vault like NordLocker.
When you’re setting up your Google Authenticator, you can take a screenshot of the QR code. Make sure to use NordLocker or another encryption service to keep it from prying eyes. Storing this QR code in your email, notes, or gallery is not a good idea.
Programmable tokens work like authentication apps: they show you a code that you need to enter in order to identify yourself. While tokens are more secure than the methods mentioned above, acquiring a token and programming it requires extra effort.
A handful of authentication apps like Authy offer cloud backup, making the code recovery process smoother.