I'm feeling a bit overwhelmed by the different opinions on setting up two-factor authentication (2FA). People are saying things like:

1. SMS is insecure and should never be used, while others argue that it's fine since banks still use it.
2. Email authentication is also risky due to hacking potential.
3. Some suggest using an authenticator app, but warn it could lead to being locked out of my account.
4. I agree that Yubikeys are great, but I can't get one at the moment.
I manage five accounts, two of which hold sensitive info. How can I securely set them up without leaving an opening for hackers and without locking myself out? I'm starting a new business soon, so I really want to get this right.
3 Answers
Yubikey is definitely a great option! But if your phone is your only authenticator, make sure to use an app that allows for easy backup and recovery. Google Authenticator has a backup feature that can help negate risks related to losing your phone. Also, periodically check your account recovery options to ensure you can regain access easily if needed. You could consider using a combination of an authenticator app and a password manager for the best of both worlds, which can help prevent getting locked out.
Sounds like you’re already aware of the risks! SMS is definitely not the best option, but if you absolutely need to use it as a backup, make sure it’s not your only method. Email can be somewhat secure if you take advantage of programs like Google’s advanced protection, which requires hardware keys, but this adds complexity. As for authenticator apps, they’re generally safe if you store backup codes securely. Yubikey is indeed the gold standard, but since you can’t get one now, focus on using an authenticator app with strong security practices. Also, have backup codes and store them somewhere safe in case you lose access. With five accounts, you might want to consider utilizing app features that allow for secure key backups. This way, losing your phone won't lock you out completely.
You’re not screwed, but security is definitely a balancing act. Just remember, there will never be a completely secure setup. The aim is to make it hard enough for hackers to bother with you. Use a strong password for each account, along with the MFA app and secure backup codes. You can also look into password managers to easily manage all your passwords and keep track of your MFA. Don't rely on just one security method; having multiple layers (like a password plus MFA) really helps complicate things for anyone trying to break in. Just make sure your phone is secure and keep your MFA app backed up!
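To make the "authenticator app plus backup codes" advice in the answers above concrete, here is an added example that is not part of any answer on this page. It implements the TOTP algorithm (RFC 6238, built on RFC 4226 HOTP) that authenticator apps use, with the RFC's published test secret `12345678901234567890` as the seed, and shows why backing up the seed matters: any device holding the same seed produces the same codes, so exporting the seed (the base32 string behind the QR code) is what lets you recover on a new phone. It also shows how a service should store and redeem single-use backup codes: hashed, compared in constant time, and deleted once used. The function names, the 30-second step, the one-step acceptance window and the 40-bit backup-code length are this example's own choices, not anything from the question or answers.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

# RFC 6238 reference secret (ASCII bytes); a real seed is random, typically 20 bytes.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to floor(unix_time / step)."""
    if at is None:
        at = int(time.time())
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, code: str, at: Optional[int] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the code for the current step and `window` steps either side
    (clock skew), using constant-time comparison for each candidate."""
    if at is None:
        at = int(time.time())
    counter = at // step
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return True
    return False


def secret_to_base32(secret: bytes) -> str:
    """The string an authenticator app stores (and exports) from the QR code."""
    return base64.b32encode(secret).decode().rstrip("=")


def secret_from_base32(text: str) -> bytes:
    """Restoring the same seed on a second device; padding is re-added."""
    text = text.strip().upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def generate_backup_codes(n: int = 8):
    """Return (plaintext codes to show the user once, hashes for the server).
    Codes are 40 random bits, so a plain SHA-256 is adequate for lookup;
    low-entropy codes would need a slow password hash instead."""
    codes = [secrets.token_hex(5) for _ in range(n)]
    store = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
    return codes, store


def redeem_backup_code(store: set, code: str) -> bool:
    """Single-use: a matching hash is removed from the store on success."""
    digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
    for stored in list(store):
        if hmac.compare_digest(stored, digest):
            store.discard(stored)
            return True
    return False


if __name__ == "__main__":
    # Two "devices" restored from the same exported seed agree on every code.
    exported = secret_to_base32(RFC_TEST_SECRET)
    phone_a = secret_from_base32(exported)
    phone_b = secret_from_base32(exported)
    now = int(time.time())
    print("seed:", exported)
    print("phone A:", totp(phone_a, now), "phone B:", totp(phone_b, now))
    codes, server_store = generate_backup_codes(4)
    print("backup codes (show once):", codes)
    print("first use:", redeem_backup_code(server_store, codes[0]),
          "second use:", redeem_backup_code(server_store, codes[0]))
```

The values in the test below come from the RFC 4226/6238 vectors: counter 0 yields 755224 and time 59 (counter 1) yields 287082 for a 6-digit SHA-1 code.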