However, no form of 2FA using temporary codes is immune to phishing attacks. The site will show you a QR code, which you capture in the authenticator app on your phone using your phone's camera. Log in to an online service on a desktop or laptop web browser, go to your security settings, and indicate that you want to set up an authenticator app for 2FA.
(Image credit: Google's Authenticator app on an iPhone's app screen.
These aren't used much anymore, because it's easier to generate codes on smartphones. You typed in that number whenever you logged in to your workplace network from home or while traveling. Code-generating hardware tokens: If you worked in a big company 10 or 15 years ago, you may have been given a little doohickey for your keychain that displayed a new six-digit number every 30 seconds. (Android devices and older iPhones using Apple 2FA have to stick to SMS-based codes.) Apple does this with iPhones, iPads and iPod Touch devices running iOS 9 or later. Push codes: These are temporary codes sent over encrypted internet connections, rather than phone lines, to an app on your smartphone or to the phone's operating system. There are better second factors available, however, some of them just as easy to set up as the texted-code system. SMS-based and voice-based 2FA are better than no 2FA at all, and many online services give you no other choice. You also need to have working cellular service for the texts to work at all. They can be intercepted by anyone who has stolen your phone number, who has changed your account to forward calls or texts to a second number, or who works at the phone carrier. Text messages and voice calls aren't encrypted, and they're tied to your phone number rather than to a specific device. This may be the kind of 2FA you have, but it's also the least secure form. A variation is to have an automated phone call read out the code out to you, which also works with land lines.
The code is automatically generated by the service you're logging in to and is good for only a short time, usually less than 5 minutes. Texted or voice-called codes: The most common second factor for 2FA is a temporary four- or six-character digital or alphabetic code texted via SMS to your mobile phone.
0 kommentar(er)
