Free Trial: TheSiteFactory.com

Authenticator Apps

Software. Marketing. Training. Running your business.
#1
Posts:
3574
Joined:
4-Mar-2018 9:03pm
Location:
Near the Kwanzan cherry tree
Since January now appears to be Scammer & Hacker Month in our profession, I'm wondering how many of you use authenticator apps and, if you use them, have you made them mandatory everywhere possible in your data security policy?

What do you use?

I'm a late adopter, but have started using the Authy app on my phone.

For websites that store client and third party SSNs, like the 1099 efile websites, I consider an authenticator app absolutely necessary now-a-days. It's just to easy to comprise a username and password.
 

#2
wel  
Posts:
78
Joined:
3-Sep-2016 4:29am
Location:
USA
TR Authenticator for Thomson Reuters = daily. Microsoft Authenticator for Microsoft = occasional.

Have also use Duo and Google authenticators. All work fine.
 

#3
Posts:
1552
Joined:
21-May-2018 7:50am
Location:
SC
I stopped using Google Authenticator when I had the primary device fail, and I lost access to the app. It took forever to gain access to linked accounts. Others have allowed me to set up secondary devices if the primary becomes unavailable, but could not do that with Google.

I use the IRS Authenticator, one for Zoho (my password manager), and Microsoft's. I also use the TR Authenticator if I need to do work on a 2015-2018 tax return. I have not widely adopted them in other places because they are still not available outside of Google Authenticator, which I refuse to use again. I do need to set up TFA via text wherever possible, though, at minimum, even though it is not nearly as secure as an authenticator app. I have TFA via text set up for my remote software and various other accounts, but I have so many accounts I will need to create a list and go one-by-one to identify if TFA is enabled and which method.
 

#4
Posts:
2041
Joined:
24-Apr-2014 7:54am
Location:
Wisconsin
I use TR Authenticator app but every other website with 2 factor authentication does not use a regular app. How do you use an authenticator app when it's not native to the website?
 

#5
Posts:
1552
Joined:
21-May-2018 7:50am
Location:
SC
missingdonut wrote:I use TR Authenticator app but every other website with 2 factor authentication does not use a regular app. How do you use an authenticator app when it's not native to the website?


Some offer Google or Microsoft Authenticator, but it is not as widespread as it should be. Typically, the TFA I see made available is e-mail code or SMS code. I know those methods are not as secure, but at least "I" am not at risk of getting locked out of my own services if a device fails, or I happen to not be carrying a particular device that has the authentication app but can still receive e-mails/texts.
 

#6
Posts:
3574
Joined:
4-Mar-2018 9:03pm
Location:
Near the Kwanzan cherry tree
Cornerstone -- Google Authenticator does present a problem if your phone stops working, is lost or stolen. Recovery isn't easy. I started out using Google Authenticator but stopped because I saw the writing on the wall if I ever was in one of those situations. It would be a nightmare if that occurred during tax season.

Authy is better in that you can backup everything with a password and recover all accounts if needed. You can also set it up on multiple devices. Authy also works everywhere that Google Authenticator works.

missingdonut wrote:How do you use an authenticator app when it's not native to the website?


What do you mean? Do you mean that the website requires that you use an authenticator app? Or that the website uses 2FA via text message?

If the former, you download a 2FA on your phone or tablet, such as Google Authenticator, Authy, whatever (there's about a dozen out there), you go through the process of setting 2FA up on the website and with the app, which usually involves scanning a QR code generated by the website with your authenticator app.

After it's setup, the authenticator app generates a 6 digit number every 30 seconds based on the original QR code given by the website (that only the website and the authenticator app know) and algorithm. When you login, you're prompted to enter whatever 6 digit number is currently appearing for that account in your authenticator app.
 

#7
Posts:
2041
Joined:
24-Apr-2014 7:54am
Location:
Wisconsin
All of my 2FA (except for Thompson Reuters) is by e-mail or SMS. I agree that it is not ideal, although better than nothing, and I increasingly use a password manager to generate and save more secure passwords.

My question is if it is possible to implement 2FA on a website of which doesn't have it. Like the TaxProTalk forums. Is it possible to use one of those apps so that someone can't hack into my account here and post dumber things than I normally post?
 

#8
Posts:
3574
Joined:
4-Mar-2018 9:03pm
Location:
Near the Kwanzan cherry tree
missingdonut wrote:My question is if it is possible to implement 2FA on a website of which doesn't have it. Like the TaxProTalk forums.


No. It takes two to tango.

An authenticator app works as I described above. If the website isn't setup to provide 2FA via an authenticator app, it's not possible to use one with that website.
 

#9
Posts:
2041
Joined:
24-Apr-2014 7:54am
Location:
Wisconsin
Much appreciated. In that case I hope a better solution is found because a lot of people will have little interest on putting a bunch of different authentication apps on their phone, and the consolidated ones (like Google) seem problematic.
 

#10
Posts:
3574
Joined:
4-Mar-2018 9:03pm
Location:
Near the Kwanzan cherry tree
Google Authenticator is problematic. But Google Authenticator is not the only consolidated authenticator app out there. And not all consolidated authenticator apps have the limitations of Google Authenticator.

I've already mentioned a competitor to Google Authenticator that IMO is superior.
 

#11
Posts:
2041
Joined:
24-Apr-2014 7:54am
Location:
Wisconsin
Point taken.
 


Return to Business Operations and Development



Who is online

Users browsing this forum: No registered users and 32 guests