Gergely Orosz

@GergelyOrosz

7 Tweets 22 reads Feb 21, 2023
Now that app-based authentication is far more common, let's talk about a major sin Google is doing:
They ONLY recommend using Google Authenticator.
Google Authenticator is one of the worst apps to use: you lose your phone, and you've lost your auth codes.
Use e.g. Authy instead.
Google makes it seem like their auth solution *only* works with Google Authenticator.
This is false. It works with all authenticator apps.
They are pushing their own, subpar app down the throats of people, instead of either improving it, or offering alternatives.
Didn't realize until now but apparently there is a backup option with Google Authenticator, by printing QR codes and saving them somewhere safe.
Still unclear why Google only recommends Google Authenticator when alternatives do encrypted cloud backups.
Since Google Authenticator is the "de facto" app in this space, so many sites that support 2FA also pretend like this is the one to use.
E.g. here's a trading site making it seem Google Authenticator or Microsoft Authenticator are the only ones they support. Again, false.
A word of advice: for any app that supports easy backups, double-check on how to protect against SIM swapping.
Authy is great but ONLY if you turn off Multi-Device after you set it up. Else a SIM swap gives an attacker access to all your OTPs (!!)
support.authy.com
“Is this a paid tweet?”
I get this a lot whenever I mention anything that I use.
Nothing I write about is paid: not on Twitter, not elsewhere (and if it was, I would mention affiliation, even if it’s indirect). This is the reason I have an ethics policy: blog.pragmaticengineer.com
In the thread, other 2FA authenticators were mentioned:
@1Password (I didn’t even know they had one; I’ll try it out as I’m a paying user)
Microsoft Authenticator: more security than Authy
@2FAS_com
Do your research for both security + restoring if device lost