Two-factor authentication - recommendations?

Forums › Off topic › Two-factor authentication - recommendations?

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#198687 19-Jul-2016 09:46

I've not yet found the time to switch to using 2FA, but reading some posts here reminded me it's time to get around to getting this sorted for at least some key sites.

Are there any particular reasons why I should select Authy over LastPass Authenticator? I'm already a LastPass Premium user, but not sure if this in itself is reason enough for me to use it.

I'm assuming I can use Authy to require 2FA for accessing LastPass? (Given that's my biggest vulnerability, so being able to do so is a critical factor.)

I understand that one needs to always have access to a phone to be able to use LastPass Authenticator, whereas Authy can work if need by solely via a browser (certainly a tick for Authy). I'm assuming, though, that LastPass Authenticator does at least back up to the cloud? If so, at least this doesn't have the huge limiting factor of Google Authenticator in that you're fairly screwed if you lose your device.

Any reasons as to why one is preferable to the other (and whether there are benefits from using LastPass' product, given I use its password management) most welcome!

Thanks.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1595105 19-Jul-2016 15:36

If you have LastPass already then is one less app to install - keep using it. In my case I use Authy and LastPass, simply because I adopted 2FA wherever possible way before LastPass brought their own implementation.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#1595330 19-Jul-2016 22:06

Thanks for the advice; I've followed it, and enabled 2FA in LastPass. This went without any problems, so it's functioning fine on my phone, but...

The problem is I share a LastPass account with my wife; we also share the laptop with a single login (queue the howls of disapproval!). It seems that Lastpass Authenticator can't be set up to access the same LastPass account on more than one device. Hence, if it's on my phone, my wife can't have it on hers, which kinda makes it unworkable for us.

Are there any ways around this?

I came across the ability to use the same Google Authenticator account on multiple devices (one option was simply printscreening the QR code and scanning it on each device - this doesn't work with Lastpass).

I also see that Authy's not listed as one of the supported options for LastPass (whereas Google Authenticator is), so Authy's no use given my key desire is to provide 2FA for LastPass!

Despite the heavy criticism of Google Authenticator, is my best bet to try this?

Thanks for any further advice...

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1595333 19-Jul-2016 22:08

Wherever your read Google Authenticator you can replace with Authy. They are the same and Authy offers true sync between devices.

I use Authy is 2FA for my LastPass account. If LastPass doesn't work in that situation then you might have to revise the adopted solution.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#1595339 19-Jul-2016 22:13

freitasm:

Wherever your read Google Authenticator you can replace with Authy. They are the same and Authy offers true sync between devices.

I use Authy is 2FA for my LastPass account. If LastPass doesn't work in that situation then you might have to revise the adopted solution.

Well, if you say Google and Authenticator and Authy are essentially interchangeable, I'll give it a go trying to secure LastPass with Authy (selecting Google as the option). It's worth trying anyway, unless there's a flaw to that plan? Thanks for this.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1595344 19-Jul-2016 22:17

If you need the portability and sync, go for it.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Stu

Hammered
8740 posts

Uber Geek
+1 received by user: 2391

Moderator

ID Verified

Trusted

Lifetime subscriber

#1595345 19-Jul-2016 22:21

I also use Authy. As mentioned above, use it anywhere Google Authenticator is mentioned. Lastpass for passwords and Authy for 2FA is a good combination, for me anyway.

People often mistake me for an adult because of my age.

Keep calm, and carry on posting.

Referral Links: Sharesies -

Are you happy with what you get from Geekzone? If so, please consider supporting us by subscribing.

No matter where you go, there you are.

Lego

Shop now for Lego sets and other gifts (affiliate link).

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#1595353 19-Jul-2016 22:42

Thanks so much, guys - got Authy working on both our mobiles and the iPad! Now to get 2FA enabled for other sites other than LastPass, eg Google, Microsoft etc...

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#1595427 20-Jul-2016 08:29

One question that hopefully someone can answer: is there any trick to forcing the Authy app to sync across any devices logged into the same account?

After adding a Google account on the iPad, I went to authenticate using Authy on my phone, only to find it wasn't there. Went back to the iPad and used that to authenticate; only after that did that Google account show up in Authy on my phone. I see that other accounts I set up on the iPad (but have not actively used since setting up) are still not visible on the other devices.

Is it that, until an account is used on the device it was initially loaded, it will not be synced across any other device? Or is there something I'm doing wrong or a setting I cannot find?

I've not been able to find any advice regarding this on the web, which may just reflect my white belt in Google-fu. Thanks for any ideas.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1595431 20-Jul-2016 08:34

Have you enabled multi-device?

Authy is a bit leggy on replicating accounts but they get there. You don't want to add an account, remove and then add again because this will cause problems as Authy archives the account for 48 hours before removing it forever.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#1595437 20-Jul-2016 08:40

freitasm: Have you enabled multi-device?

Authy is a bit leggy on replicating accounts but they get there. You don't want to add an account, remove and then add again because this will cause problems as Authy archives the account for 48 hours before removing it forever.

Yep, have multi-device enabled (hence an account syncs, but only once used on the original device!).

But your other point regarding adding/removing/adding accounts could well the problem - I ended up having to do this on my wife's phone as I'd stupidly used her mobile number on her device, rather than ensuring it had mine (ie, all the same details as on the other devices). I had to remove and reinstall the app, then combine accounts with the same phone number. If this is the cause, I'd imagine it'll sort itself out in the next couple of days.

Thanks again for your help, Mauricio.

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#1596118 21-Jul-2016 12:03

I have to say that, based on my experience thus far, that for many sites 2FA isn't at a stage where I can see there being huge buy-in from the wider populace - it can be a real $@#$ getting it working on some sites, and there's so much variation as to how to set it up. A pity, as I'd imagine those who are most unlikely to add it to their security arsenal are also those most likely to need it (ie, likely to have poor password management/selection)!

In particular, I found the Office 365 set-up a bit convoluted, but wonder if that's made more complex by it being a business account (even though for only one user!)? Others like Google and LastPass were straight-forward (especially as there are often detailed walk-throughs for such sites).

What shocks me is that neither eBay or (more importantly) PayPal seems to have 2FA available here in NZ; it appears that PayPal provides text-based authentication to US-based clients, but I've had nil luck enabling it in my account (eg, the ability to verify a mobile number is just not present in settings, despite it showing in various online guides). Has anyone here managed to set it up for PayPal?

Also disappointed by my own bank (Kiwibank) which has told me that a move to provide 2FA is on the "distant horizon"; personally, I'm not that happy with their security question approach on the website, and solely relying on a 4-digit pin on the app. (But then again, they generally are sooooooooooooo slow with adding such features - they also said they've got no plans to provide real-time credit card transaction reporting. I can't imagine they also have any plans to enable contactless payment by NFC either!)