Strong passwords are not safe anymore. There have been numerous news on data comprise, with usernames, email IDs and passwords being leaked to the general public. Amongst various hacks, a few famous leaks include Disqus’ breach in October of 2017 and LinkedIn’s breach in May of 2016.
The internet as we know it isn’t safe anymore. Given the importance of personal information published on one’s internet accounts, it’s extremely important to have 2 step verification enabled for all your internet accounts. If you have an email account with Google, Yahoo, Microsoft, social networking account with Twitter or Facebook, banking account with PayPal, publishing account with WordPress, or an internet account of any sort, it’s important that you add an additional layer of security with 2 step verification.
2 step verification originally, and is popularly still being, done through SMS. It’s insecure. SMS messages can be hijacked and codes meant to secure your account can land in the wrong hands. There are also times when you move countries and cannot receive codes on SMS.
That’s when 2 step verification by the concept of TOTP comes into play. TOTP is an algorithm that computes a one-time password from a shared secret key and the current time. [Wiki]
Apps like Google Authenticator and Authy work on the concept of TOTP and generate a time-based OTP that you can use to login into your online accounts that have 2 step verification enabled.
Authy is my personal preference as compared to Google Authenticator as it supports the ability to backup and share my codes across different smartphones I own. Authy is also available as a Google Chrome extension that you can use on the computer.
Authy insists a master password is set for your Authy account so that your Authy account is not compromised if your phone lands in the wrong hands. Authy works in any environment that supports Google Authenticator.
Use your primary email ID and mobile number for security purposes. Choose a master password when asked. Make sure that you do not forget it. Yes, you can always change your master password.
Setting up Authy with Google
Visit the Google security page and click on 2 step verification. Follow the onscreen instructions to setup of a code generator app (Authy) with your Google account. Scan the QR code shown with your Authy app, enter the code generated by the Authy app and you are good to go.
Setting up Authy with Facebook
Visit the Facebook security page and look at the 2 step verification section. Choose to use a code generator app for verification (Authy). Scan the QR code using Authy and enter the code shown on your app.
Setting up Authy with Twitter
Twitter has always had support for 2 step verification using code generator apps like Authy, but they officially announced it only a few days back. Visit the Twitter login verification page, and look for the section named Mobile security app. Scan the QR code shown there with the Authy app, enter the generated code and you are good to go.
Setting up Authy with Amazon
Amazon supports 2 step verification too by means of code generating apps like Authy and Google Authenticator. Visit the Amazon security page and click on Add new app button. It will take you to a page where a QR code is display, scan it with Authy, enter the code generated and you are good to go.
Authy does support 2 step verification for a whole lot of other internet accounts you have. You can see the full list on Authy website, or choose from the most popular ones: Yahoo, Dropbox, Apple, Slack.
If you are traveling between countries, enable 2 step verification using TOTP right away.