2019/07/17 10:56am

Quick and easy two-factor authentication codes on your wrist with Authy

“If you have built castles in the air, your work need not be lost; that is where they should be. Now put the foundations under them.”

― Henry David Thoreau

We’re living in an increasingly nebulous and complicated world of digital security. There are few hard rules and there is always a struggle to balance security and convenience. Two-factor authentication (short hand: 2FA) adds an extra layer of security to you account to make it more difficult for anyone but you to access your account. This is usually done by either by sending an SMS code to your phone or by using a time-based authenticator app like Authy or Google Authenticator. The authenticator app gives you a time-based authentication token that must be inputed on the login screen within a certain time or the code is no longer valid. Most people opt for sending the SMS code, but there are ways that SMS 2FA has been bypassed and hijacked it’s clear that it’s a significantly less secure choice.

Many of the popular sites or apps you use will offer 2FA, but not all of them offer 2FA with an authenticator app. Authy has guides that walk you step-by-step through setting up 2FA on many of the most popular sites on the web. I chose Authy over Google Authenticator because I found it was easier to back up and use on multiple devices. Authy works with any of the site or app that Google Authenticator does, even if the site or app doesn’t explicitly say so.

I set 2FA a couple of years ago and with any sort of security measure you add, there is some annoyance that comes along while using it. It wasn’t until a couple of months ago that I realized Authy had an Apple Watch app which makes it incredibly quick and easy to get 2FA tokens for logging in. When you open the app you see a list of all the sites or apps you have setup, and tapping the tile reveals the token or code you must enter. There’s a bar at the bottom that counts down the time until that code is invalid and a new code is revealed. Using this has removed so much friction when logging in to these apps. It faster than ever before to login and I feel more certain that my credentials are secure.


Also published on Medium.