![]() All an authenticator app does is generate a six-digit code that helps you do that. Here's how it works: Install an authenticator app on your smartphoneĪuthenticator is one of those scary, five-syllable words nerds use to talk about something fairly simple: it helps you verify that you are, in fact, you when some cheeky computer asks about your identity. Now, instead of using a passcode sent via text message to your smartphone, you can use an authenticator app on your smartphone to generate a temporary, one-time-use passcode to log in to Populi when a login approval is required. Both Duo Mobile and Authy suggest that not encrypting the account names or sites can help with account recovery, but that claim rings hollow to us: Knowing which accounts have two-factor authentication enabled doesn’t ease the process of getting back into an account.We just released a significant improvement to login approvals in Populi. Better yet, we’d prefer the company didn’t collect this data at all. Authy recently updated its privacy notice to include more information about what the company can access and added in an email to us that, “Access to this information is limited to employees who either support Authy or have a valid need-to-know.” We appreciate the addition to the policy but think this information should be in the app, as well. ![]() Unlike Duo Mobile, which stores the backup on either iCloud or Google Drive, Authy stores the backup on its own servers, which theoretically gives the company access to those details. Security researchers at Mysk also found this same info was sent in analytics, which may be linked to your email address and phone number. Similarly to Duo Mobile, Authy’s backups don’t encrypt some information that you might expect it to, sometimes including the name of the website and a username (you can edit these, but we suspect few people bother to do so). But for most people, the potential security risk of backing up codes online is outweighed by the fear of being locked out of accounts for good, so for the apps that do offer backups, we looked for clear explanations of how the backups worked, where they’re stored, and how they’re encrypted. So we looked for authenticators that left this feature opt-in. Optional backups: The security researchers we spoke with said they don’t recommend backing up or syncing a two-factor authentication account because then your tokens are on the company’s servers, which could be compromised.Going with a reliable company helps guarantee continued support for new mobile operating systems and tech support if something goes wrong. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |