<

Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x

My experience with Multi-Factor Authentication applications

Published on
3,410 Points
310 Views
1 Endorsement
Last Modified:
Thomas Zucker-Scharff
Veteran in computer systems, malware removal and ransomware topics.  I have been working in the field since 1985.
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.

Why Use Multifactor Authentication?

I have been a big proponent of multi factor authentication for quite a long time.  I believe that using 2FA (Two Factor Authentication) adds an extra layer of security that we all need.  I use 2FA on as many sites as I can, as well as installing it on my own blog.  My logic is fairly straight forward.  If someone tries to hack into my accounts, they may be able to get at my and username and password, but unless they wish to take my phone away at the same time, they are unlikely to be able to hack my accounts (now that I have said that, I'll most likely be hacked).  


Authy and Authenticator

I switched from Google's Authenticator app to Authy so that my 2FA tokens would be backed up in the cloud.  In this way I wouldn't have to go through disabling all my 2FA accounts when I switched phones.  This was a real draw.  I was easily able to switch applications.  I created a backup password that I would need to use in order to decrypt the Authy tokens when I changed phones.  Every so often Authy would prompt me to enter my backup credentials to make sure I would remember them.  After a while I fell into the trap of ignoring this message, dismissing it without entering the password.


Disaster strikes!

Everything was running along smoothly until recently when I had to get a new phone.  My phone was run through the clothes washer - it was very clean, but would not turn on (I didn't even try until I had left it over night, buried in rice).  So off to the store to buy a new phone I went, and ended up with a Samsung Galaxy S8.  Almost everything was able to download to the new device, except that I had to put in all the new settings. (still not finished)  That is when I discovered I was unable to access my Authy tokens, because I had forgotten the backup password.  Authy support, although very understanding, couldn't help because they don't store the backup passwords in plain text.  


I was eventually able to get into all my accounts, and either disable and re-enable 2FA, or use a different token to gain access and change the 2FA code.  I would like to put these tokens in Authy again, but so far I have been unable to delete my account in order to do so.  Right now they reside in the Google Authenticator app where they are not being backed up, although I did generate a new set of recovery codes in case I am unable to get access to my phone.


UPDATE: I was finally able, with the help of Authy support, to delete the encrypted Authy tokens and create new ones. I now have the backup password stored in a safe place.


The take away:

So the question most people ask now is "If it is so much trouble, why do it at all?"  The answer is easy.  If you don't use multi-factor authentication you could have your email, and other accounts, more easily compromised and become another John Podesta.  Yes, two factor authentication does involve another step.  Yes, it does involve some setting up to begin with. But you have to ask yourself one simple question, what is "not getting hacked" worth to you? For instance, is it worth a little setup time and a fairly short delay when logging in?  I believe the answer has to be Yes.


1
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
0 Comments

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Join & Write a Comment

We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month