Authy iPhone

You just can’t take security too seriously these days, because even if you don’t think your personal information is all that interesting to others, you’re probably wrong. Whether it’s people selling your banking data or trawling your emails for ways to get into all of your social media accounts, you really don’t want anyone having access to your data when they don’t have your permission.

Recent high profile so-called hacks have highlighted the need for improved personal online security, with numerous celebrities having their personal photographs stolen and then leaked online. It transpired that the photos had been acquired via compromised iCloud accounts, and with the move to iCloud Photo Library and the soon to be released Photos app for the Mac, we’re likely to have more and more of our digital lives sat on Apple’s servers.

Throw the data Google has into the mix, especially if you use Gmail, and things can get scary, fast.

Strong passwords are obviously the way to go here, but that isn’t always going to be enough to stop bad people from doing bad things, especially if they manage to get that password via another compromised service. But you’re OK, because you don’t re-use passwords, right? Right.

The best way to try and strengthen your online security is to enable two-factor authentication wherever possible. For the un-initiated, two-factor authentication means that when you enter your username and password an extra piece of information is required by the website or service before access is granted. Usually that means entering a code that has been texted to a trusted mobile phone, or perhaps the entry of a code generated by an application. Either way, it’s something that only you have access to meaning that even if someone has your username and password, they’re not going to get in.

Getting codes texted to you is probably the easiest form of two-factor authentication, but that relies on your phone working. If you happen to be in an area with spotty signal then you’re out of luck. That’s why I prefer to use an app to generate the required two-factor codes, and on the iPhone that app is called Authy.

Available for all the major desktop and mobile platforms, Authy is an app that allows you to configure to act as the two-factor authentication code generator for a whole range of services and websites such as Facebook, Google, Dropbox and Evernote. The app can sync all of your accounts between different platforms and keeps it all nice and secure in the process. You can even secure the app itself with Touch ID.

It’s not all good news when it comes to Authy though. The app still hasn’t been updated to support the iPhone 6 and iPhone 6 Plus properly, but we’ll let the developer off thanks to the included Notification Center widget. We’d still like to see an update to sort out ugliness caused by a lack of iPhone 6 or iPhone 6 Plus support sooner rather than later though.

Most importantly though, Authy is free to download and use, which should remove the biggest barrier to people using it. Yes, having to open the app and generate a new code can be a pain when you’re in a rush, but it’s a small price to pay for the added security afforded by two-factor authentication. I strongly suggest you enable it anywhere that supports it, even if you don’t think you need it.

After all, by the time you actually need it, it’s already too late to use it.

  • jake kneller

    I keep all my private data on its own server not connected to the Internet

    • Jacob61916

      How do you do that?

      • jake kneller

        Well it’s not exactly a sever its something I kinda but I have two towers one has 4 tbs in it and the other has 500 of flash and I have the 4tb tower which is very stripped not even graphics card or really anything but the other is set up but not in use and they both run together and I set up a private signal with a few adapters and I can connect devices to it and computers and I store files data media anything I need and it can only be accessed with the correct addresses and passwords and stops anyone who fails to have the right info for it I don’t know if your really inter stressed i believe I still have the instructions I made while making it and setting up along with all the parts needed the amount of storage can be varied but I can prolly get that around for you

      • SirMontana

        Could you send the instructions to sami.jacob02@gmail.com ? really looking to achieve something similar.

      • Jacob61916

        That would be so great if you can send the instructions. Can you send it to jacob61916@gmail.com? Thank you in advance.

      • Ángel Javier Esquivel

        Or can you share a Pdf? 🙂

      • jake kneller

        I’m very sorry I understand you are very interested in it I haven’t found all the pieces of the instructions just yet but leave your email and as soon as I can get it all together I’ll send it to you

  • Mark Kramer

    “more of our digital lives sat on Apple’s servers.”

    stored on Apple’s servers ?

    • John

      I guess they “sit” on Apple servers as much as data is stored in/on a “cloud”.

  • C Mac

    What is better, Authy or Google Authenticator? I have been using Google’s and think it works great. Any advantage to Authy? Google’s has been update for iphone6/6+

    • Bruce D Milyko

      I also use Google Authenticator. It works great for me. I would also like to know what (if any) advantage there is to Authy.

      • Authy has an iOS notification center widget and a Google Chrome app and an OS X menu bar app. It also syncs across devices via the Cloud (encrypted with a passphrase of course).

    • Chris

      I use both, Google Auth as the main app and Authy for any sites that don’t support GAuth, either way they support the same otpauth protocol.

  • JustReboot

    I’m one of those crazy ppl who have 5 personal email accts with diff p/w (i rotate them every 6 months) / I also have sep pw/s on my bank accts / all complex no english words uPPerLowerCse $pec!@l characters, etc. I may incorporate 2-step authentication. But since I don’t use FaceBook/Evernote and very few apps, not sure if I need.

    • 2-Step authentication is more secure than 1-step authentication (i.e password only) authentication. If you’re serious about security you should be using 2-step authentication.

  • Ariel

    But wait, cant someone else sign in to Authy with your account and get the code?

    • I might be wrong but think you have to verify from another device that already has Authy setup or verify via SMS or enter a recovery password if you have lost access to Authy on all of your devices.

  • Jonathan

    I plugged my password into a site to see how secure it was (mind you, I shifted the keys, so it doesn’t know my actual password) and it said it would take a computer 27 decillion years to crack, or 27,000,000,000,000,000,000,000,000,000,000,000 years.

    Think I still need 2-step verification?

    • Beaving

      Yes, as it doesn’t matter how long your password is. If it is obtained from a database hack they have it anyway, using 2step authentication protects you against that further.

      • Chris

        Well, if the website owner really cares about password security they would hash, salt and encrypt the users password so even if they get stolen they can’t be reversed.

      • Jonathan

        Ah, makes sense.

        However, don’t top companies (Google, Microsoft, LastPass, etc) have 1-way cryptography? If that was the case, it’d be impossible to use the password for their own purposes.

  • Kay Dee

    I enabled two-factor authentication loooong time ago wherever possible – in all major accounts. Except Apple. My Apple-ID is still protected by single password because Apple just doesn’t support two-factor authentication for me – it’s available only in selected countries.