Board Beginners & Help
Merits 16 from 7 users
Authentication: Types, Risks/ Attacks, Advice
by OcTradism on 26/06/2020, 13:50:03 UTC
⭐ Merited by suchmoon (4) ,vapourminer (3) ,Ratimov (3) ,DdmrDdmr (2) ,Coolcryptovator (2) ,Charles-Tim (1) ,Daniel91 (1)
People usually care about increasing their funds and capital, but they neither care about losses nor pay attention to protecting those funds. There are some reasons why they don't care:
-   They are not aware of the risks of leaving their accounts unprotected.
-   They don't have the knowledge.
-   They are too lazy (aware of the risks, have the knowledge, but do nothing to secure their accounts).

How many types of authenticators are there?
-   SMS-based / Email-based / Voice-based / Biometric-based authenticators
-   2-factor authenticators (2FA)
-   FIDO U2F hardware authenticators

Which one is recommended, and which should be your first priority?
2-factor authenticator apps. They are free and more secure. Consider a YubiKey if you actually want to protect your funds better.
Don't use SMS-based authentication if you can avoid it. Unfortunately, sometimes you have no choice because some service providers (like banks) only offer that type of authentication. As said, whenever you can avoid this type, avoid it.

The first type is less secure and more risky because of SIM swapping attacks (for SMS and voice codes), and if you rely on email, your account will be compromised if hackers gain access to your email.
[BEWARE] Sim Port Attack and SIM swapping protection
With an SMS-based authenticator, you can secure it better by setting up a PIN code for your SIM card and deactivating lock-screen notifications. More details in the guide from Kaspersky.

Biometric-based authentication is risky because if you pass away, your family members cannot get access to your account.

The second type is more secure and is the one that should be used. Most of these apps use the OATH TOTP (Time-based One-Time Password) algorithm.
Here are some apps you can use. More details

Google Authenticator: Android, iOS
Duo Mobile: Android, iOS
Microsoft Authenticator: Android, iOS
Free OTP: Android, iOS
Authy: Android, iOS, Windows, macOS, Chrome
Yandex.key: Android, iOS
Aegis: Android
When using those apps, there are mandatory steps: back up your 2FA codes (to recover later if your phone or device breaks and cannot be repaired), and test the validity of those backup codes (make sure that you made good backups and that they can actually be used to recover).

Some people don't know these two important and vital steps. They activate 2FA on their accounts and enter the 2FA codes into the apps, but don't back up those codes and don't test the backups' validity. If their devices are stolen or broken, they get into trouble.

Some advice for 2FA
- Make backups of the 2FA codes before activating it.
- Activate it by manually entering the 2FA code (secret key); don't scan the QR code.
        Because when you enter the 2FA code manually, you also check the validity of your code backup.
        If your code backup is not correct, you cannot activate 2FA for your account.
- Retest the code backup on another device if possible.
- Don't take a photo of the code backup and store it on your device. There is a risk that your device gets compromised and the photo or backup is leaked.
- Install the 2FA app on another device as well, and keep that device mostly offline. Don't keep all your eggs in one basket.

Remember that there are two layers of backup: backup codes, and the 2FA secret key (or bar code). I advise you to back up both, but if you choose only one, it should be the 2FA secret key, not the bar code. With the secret key, it is easier to guess a character or digit that is slightly blurred, but with a bar code there is almost nothing you can do. Of course, keeping your 2FA secret key backups as safe as possible is a must.

Store them offline.

Backup codes

2FA secret keys


FIDO U2F hardware authenticators: YubiKey and others
U2F hardware tokens are the darling of security specialists, primarily because, from a user perspective, they work very simply. To get started, simply connect the U2F token to your device and register it in a compatible service. The whole process takes just a couple of clicks.
It is not an exact comparison, but you can think of 2FA apps and a YubiKey like non-custodial wallet software (Bitcoin Core, Electrum) and hardware wallets.

Buy at Yubico's store
Using your Yubikey with authenticator codes (from Yubico.com)
How to use a Yubikey (from wired.com)
2FA HW security keys, Yubikey&such
Sources:
Aegis Authenticator, a decent alternative to Google Authenticator and Authy
Traditional Authentication, 2FA and 2SV
[TUTORIAL] Generate 2FA with Keepass (instead of Authenticator App)
2FA practical guide and 2FA notification trap (from Kaspersky.com)
5 different two-step authentication methods to secure your online accounts and What is two-factor authentication and should I be using it (from howtogeek.com)
https://authy.com/what-is-2fa/
https://techlog360.com/two-factor-authentication-2fa/
Good topics on security and privacy
https://bitcasino.io/blog/cryptocurrency/what-is-2fa-and-why-is-it-so-important-