Security BUZZ - Multi-Factor Authentication series - Part 1

    Posted 06-23-2023 09:33

    Multi-factor authentication (MFA) is a must in today's world of continuously compromised passwords. You can no longer safeguard your credentials as you never know who will lose them and when. Many regulations also require MFA. If you are not in the MFA camp yet, you are mistaken. Banks have been doing it for years without us even knowing it. When you log in to your bank's website, you get a six-digit code over SMS or email that is required to complete the sign-in process. 

    That is the lowest and simplest version of MFA, called Step-Up Verification. In the era of SIM-swapping attacks and compromised emails, it's time to take it to the next level - an authenticator application. You would install that app on your mobile phone, and many services support it today. It is safe from many MFA attacks and works offline - it does not require an Internet or cellular connection. Thus, it works even on an airplane or the top of a mountain. While a dozen applications are available, the two most common are Google Authenticator and Authy.

    They both are two-factor authentication (2FA) apps that generate codes that can be used to authenticate a user's login to a website or service. Google Authenticator is a product of Google, while Authy is a product of Twilio.

    Some other differences between the two include:

    • Google Authenticator is available on various platforms, including iOS, Android, and Blackberry. Authy is available on iOS, Android, and Chrome.
    • Google Authenticator offers no additional features beyond code generation, while Authy provides other features, such as managing multiple accounts and backup codes.
    • Google Authenticator uses a time-based one-time password (TOTP) algorithm to generate codes, while Authy uses a more secure algorithm called HMAC-based one-time password (HOTP).
    • Google Authenticator codes are valid for a limited time, while Authy codes can be valid for longer if the service supports it.

    Overall, both Google Authenticator and Authy are effective 2FA solutions, and the choice between the two will likely come down to personal preference and the specific features that are important to the user.

    Teaser... there is good news for password manager users. Stay tuned...

    #ALTACyber 



    ------------------------------
    Genady Vishnevetsky
    Chief Info Security Officer
    Stewart Title Guaranty Company
    Houston TX
    ------------------------------