Last Updated: February 25, 2016 · 711 · destructuring

Use two-factor auth but not with an app

Two-factor authentication makes things harder for both thieves and owners: thieves have to acquire the phone or dongle, and owners have to keep hold of it. Google's two-factor authentication is popular and works on a phone via SMS, voice call, or an application.

Avoid the application because you don't know how the phone or the application manages the secret tokens. It's not possible for normal people to restore those tokens if they get lost after an iPhone upgrade or the memory gets scrambled.
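The "secret tokens" an authenticator app keeps are one shared secret per account, from which every code is derived. The sketch below is an added example, not code from the original post or from any authenticator app. It assumes standard TOTP (RFC 6238 with HMAC-SHA1, 30-second steps, 6 digits), uses the RFC's public test key as a constructed sample secret, and the `Phone` class and `lost_phone_scenario` function are hypothetical names.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the number of elapsed time steps."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # base32 input must be padded to 8 chars
    return hotp(base64.b32decode(cleaned), unix_time // step, digits)


class Phone:
    """Hypothetical stand-in for an authenticator app's storage on one device."""

    def __init__(self, secret_b32=None):
        self.secret_b32 = secret_b32  # the only state the app must keep

    def code(self, unix_time: int) -> str:
        if self.secret_b32 is None:
            raise LookupError("no enrollment secret on this device")
        return totp(self.secret_b32, unix_time)


def lost_phone_scenario(unix_time: int = 1111111109) -> dict:
    """Compare an enrolled phone, a wiped one, and one set up from a saved secret."""
    enrolled = Phone(SAMPLE_SECRET_B32)
    wiped = Phone()  # upgrade or restore that dropped the app's data
    restored = Phone(SAMPLE_SECRET_B32)  # secret re-entered from an offline copy
    try:
        wiped_code = wiped.code(unix_time)
    except LookupError:
        wiped_code = None
    return {"enrolled": enrolled.code(unix_time), "wiped": wiped_code,
            "restored": restored.code(unix_time)}


if __name__ == "__main__":
    print(lost_phone_scenario())
```

The wiped device cannot produce a code at all, while a device given the same enrollment secret produces the same code as the original, which is why the recovery question comes down to whether that secret was kept anywhere outside the phone.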

Do use two-factor with SMS messages because they're easy to read, no state is kept on your phone, and the second factor is attached to your phone number. If you lose the phone, you can port the phone number to another phone very quickly.

You should also print out the backup codes and carry a few in your pocket with a custom cipher applied.

2 Responses

Have you looked at Authy... it's a mobile 2-factor auth app

over 1 year ago ·

Authy is neat for adding 2 factor to your service, but I'm staying away from applications since I can't recover from a lost phone or wiped OS. With SMS, I can easily port my number to another phone.

over 1 year ago ·