We’ve discussed in previous Hybridge blogs the many advantages of deploying two factor authentication to protect this information. User names and passwords are not enough to protect your accounts and data and there are a lot of people out there working hard to get your personal data. All Hybridge clients need to protect confidential information, either for commercial reasons, or because they are subject to regulatory or compliance requirements including ISO 27001, SOC 2, HIPAA, or SEC Registration.
The “default” 2nd factor is typically a text message. While better than nothing this has three main disadvantages: it doesn’t work on planes or (often) overseas, it only works on one device at a time, and (most importantly) it only takes minutes for a bad actor to port your phone number to another phone, thus cracking your security.
Google Authenticator is a better solution. This is a secure app that generates time-based 6-digit passcodes for the 2nd factor. It works in airplane mode and is tied to a specific phone so even if someone steals your number your data is secure.
The big problem with Google Authenticator is that when you get a new phone you must individually re-enroll all your accounts. Authy solves this problem.
Authy offers a great and free solution that works the same way as Google Authenticator, but makes it easy (and secure) to add or transfer your 2nd factor account enrolment to a new device without having to re-enroll every account. It also allows you to revoke a device from being able to generate passcodes for you, which is important if a device is stolen.
