Wednesday, November 05, 2014

If You Text From Your PC, Don't Use SMS for Two-Factor Authentication

Source: http://lifehacker.com/if-you-text-from-your-pc-dont-use-sms-for-two-factor-a-1654474481

If You Text From Your PC, Don't Use SMS for Two-Factor Authentication

We love two-factor authentication, and we love services that make our text messages accessible from our computers. However, if you don't want anyone—a snooping spouse, child, parent, or most importantly, a laptop thief—getting ahold of your private information, you might want to alter how you use two-factor authentication.

Two-factor authentication is one of the best forms of password security, but if you use services like Yosemite's new Text Message Forwarding with iOS 8.1 or MightyText on Android, you should make sure you're not using SMS as your second step in the authentication process. Anyone who has access to your computer will be able to see the second step—the verification code—from your computer, whether they have your phone or not. Instead, use a USB key or our favorite authentication app for Androidand iPhone, Authy, to generate a code from your phone, and disable SMS as your second step. Authy can even hide the codes behind a PIN for extra security.

Beware two-factor authentication using SMS forwarding | The Unofficial Apple Weblog

Photo by MIKI Yoshihito.