Two-step verification is a way to give your accounts more
protection than just a password or PIN. If you use a verification app
like Google Authenticator (iOS, Android), you log in to your account
(email, bank, Amazon, and so on) with your username and password, and
the app sends a temporary code to your phone that's the final key to get
into your account. But if you want to generate verification codes on
your desktop or laptop, you can.
Method 1: Chrome browser extensions
Using
a Chrome extension is the most approachable method, because the
extension will work on any device that runs the desktop version of the
browser. Authenticator for Chrome,
for example, works in Linux, on Google's Chromebook laptops, as well as
on Mac and Windows PCs. (Firefox doesn't currently have a comparable
option, but the newly launched Open Two-Factor Authenticator may prove as popular, in time.) Authenticator doesn't have a catchy name, but it works pretty nicely.
There's also Authy for Chrome,
but it hooks into the cloud and requires your phone number. If you're
just doing app-based two-step verification, it's more secure to perform
that function completely offline. But Authy is handy for codes generated
via SMS messages that are ordinarily sent to your phone.
How to set up Authenticator for Chrome
Let's
say you want to add Amazon two-step verification codes to
Authenticator. After installing the browser extension, go to Amazon's
website and log in. Go to Your Account, scroll down to Settings, click
Login & Security Settings, and go to Advanced Security Settings.
Click the Edit button, then Add New App in the Preferred Method section,
click the link labeled Can't Scan the Barcode, and copy the bolded
string of letters and numbers to your clipboard (Ctrl-C on your
keyboard).
Add caption
Click
the Authenticator icon in the upper-right corner of Chrome (it looks
like a tiny QR code), then the pen icon at upper right. Click the +
button and Manual Entry. Enter the email address associated with your
Amazon account into the Account section. Paste that clipboard string
into the Secret section, then click OK. Authenticator generates a new
code every 30 seconds -- to copy it quickly, just click the code, and
Authenticator will add it to your clipboard.
Authenticator may
warn you that this string is not encrypted. If you decide to create a
passphrase to encrypt the entries, be aware that you will lose access to
this entry if the passphrase is lost. For your security, there is no
password reset option.
Add caption
Method 2: Desktop client software
If
you don't want to use Chrome, or if you prefer to keep your two-step
verification code generation separate from your browser, you can install
a standalone desktop app. However, you don't have as many options.
WinAuth
is arguably the best for Windows users. It automatically supports a
variety of services like Google, Microsoft, and Steam, and you can
manually add secret strings for things like Amazon.
To do so,
navigate to the folder where you downloaded WinAuth and double-click the
app. This is not an installer file. Instead, the program is
self-contained within this EXE file. Click the Add button, then
Authenticator. Put something descriptive in the Name section, paste
Amazon's secret string from your clipboard into the field below that,
click Decode, then click Verify Authenticator. This will generate a test
code. Go back to the Amazon account page where you copied the secret
string, type this test code into the Enter Code section, and click the
button labeled Verify Code and Continue.
Add caption
WinAuth
will now give you the option to protect your codes with a password. It
will also offer to use Windows' built-in encryption or a YubiKey. You
can either create your password and click the OK button, or click the
Cancel button to bypass these protection options. (If you change your
mind later, you can access this menu by clicking the gear icon and
selecting Change Protection.)
To generate a code, click the
circular arrow button to the right of the account name. This code will
be valid for 10 seconds. Right-click the entry to see a variety of
options, like deleting it, renaming it, customizing its icon, and other
functions.
What about two-factor authentication?
With
two-factor authentication (2FA), factor one is the device you want to
log in with, and factor two is the device you use to generate codes. So
if you're generating codes on the same device you're logging in on, then
you're technically not engaging in two-factor security. You're just
using two-step verification.
Though two-step is not as secure as
two-factor, it's still useful. For instance, if an unauthorized user
breaks into a consumer database and gets your login info -- as with 68 million Dropbox accounts -- the intruder still won't be able to get into your account without the authentication code.
When
hacks like that happen (and they happen more often than we'd like), it
doesn't matter how good your password is, because the hackers will have
it right in front of them if they can decrypt the database. But they
won't have your verification code, since that's only generated on the
device that you previously authorized to generate those codes.
No comments:
Post a Comment