Elon Musk’s decision to charge SMS fees to verify the identity of Twitter users highlights two-step authentication services
Twitter suddenly announced a few days ago that it will start charging its users for two-step verification via SMS. This extra layer of security includes using a second method to access your social networking service or email account; That is, if the user wants to access his Twitter account from a mobile phone or a computer that is not the usual one, it will be necessary to confirm the access via SMS sent to the mobile phone. It is one of the easiest ways to prevent account hacking.
In two-step verification (also known as 2FA), there are several ways to identify a user: through a text message sent to the cell phone, or through a temporary code generated by an application. Twitter has already confirmed that only Blue subscribers, its paid version, will be able to continue to use SMS as a verification method; But the second option, in-app verification, remains free.
Ironically, experts agree that the latter is more secure than SMS, due to the increased threat of identity theft with a duplicate SIM. Even Elon Musk, the owner of Twitter, recalled that SMS is the least secure method of 2FA. So what are the best apps to secure access to Twitter and other services on the web?
Authy
Authy has been one of the most mentioned applications these days on the networks as an alternative to SMS, and not by chance: it is this application that has the best user ratings.
This popular app lets you generate temporary codes that replace SMS (highly recommended, except to reduce the possibility of a cyberattack, as you don’t need to be connected to the Internet). In fact, there are many apps that fulfill this task, but Authy manages to combine functionalities in a very simple interface, with the possibility of protecting biometric access (using a face or a fingerprint, depending on what the device allows), and totally free of cost. No data delivery in return? In fact, Authy explains: its market is in companies, and they are the ones who finance this product completely free of charge.
1Password
While there are many apps – like Authy – that are solely dedicated to creating temporary codes for 2FA, other more complex apps also involve password managers. That is, they allow the creation and storage of passwords for different accounts so that the user does not recognize them when they are entered using the biometric method. 1Password is, along with LastPass, an old acquaintance of the market, and keeps a clean file in terms of security.
Generating 2FA codes (those used to replace SMS) is just an extra part of a great app that manages and stores different passwords. Unlike Authy which offers more features, this app is distributed on multiple platforms but offers full integration on different platforms and browsers. In this way, when accessing a service, the username and password can be consulted from the mobile phone and the browser without having to change the application.
iCloud
Apple has always made privacy its science, which is why the Keychain functionality built into iCloud, which includes the ability to generate temporary codes (2FA), has evolved. In this way, ecosystem users can add temporary passwords that will be synchronized through iCloud on the rest of the devices. Tim Cook integrates this functionality completely free of charge, so it could be a solid option for anyone with an iPhone, Mac, or iPad. Californians tend to commit penance for sin, and as a con, Llavero’s excessive integration into the system makes it very unintuitive when it comes to editing, editing, or adding a temporary password.
Like 1Password, Apple Keychain lets you store and generate passwords and supports temporary passcodes.
Google Authenticator / Microsoft Authenticator
Google, along with Microsoft, was one of the first big companies to bet on two-factor verification, developing its own applications for generating temporary codes. We are offering both apps together because they basically offer the same functionality, but Microsoft has managed to take the lead by adding valuable additional features. Thus, while in the Google app, it is not possible to configure any password or access biometrics (through which anyone with mobile access can also access the codes), the Microsoft Authenticator closes access to all users who are not holders.
Completely free, Redmond’s powerful application offers interesting improvements in terms of the user, such as what they call “passwordless authentication”, which consists of a notification window on an associated device, through which, with a single touch, they can access the service. Microsoft’s app also allows for password autofill, which can be automatically entered into the browser.
Yubiko
Finally, and for those who want top-notch protection for their accounts, a more secure alternative to 2-Step Verification is to use a physical key. In that sense, Yubico is dedicated to combining 2FA with USB-style keys that include biometric authentication; That is, in the initial configuration of the account, the user must touch the key with his finger and the system will generate a temporary code. All this information is stored encrypted in the cloud and the system supports the main services (Facebook, Google, Dropbox …). Yubico offers several types of keys (with USB-C and Lightning connectors, and also wireless via NFC). Incorporating a physical element undoubtedly adds an extra layer of security, although the authentication process (done once per device; the key does not need to be requested each time the service is accessed) is more difficult.
