Paul wonders if 2-factor authentication with SMS messaging is all that secure. He uses 2FA with a voice call system. Is that secure? Leo says that 2-factor is the most secure way to protect your data. But there are various ways to get it. Text message is the easiest, and it's better than nothing, but an authenticator like Authy or a hardware authenticator is far more secure. YubiKey is the most secure. An app authenticator, like Authy or Google Authenticator, would be the next most secure. Text messaging is the least secure because of SIM jacking.
Joe got an email from Facebook saying his password has been changed. He changed it and turned on 2-factor authentication, but the password keeps getting changed back. Leo says that's a scary thought and he probably got bit by a phishing scam and that Facebook didn't send him an email at all. Leo says if it was legit, the first thing the hacker would do is change the email notification.
Ross can't do two-factor authentication with Republic Wireless. What can he do? Leo says that's a huge problem that Republic has to address. Are there alternatives? Leo uses a dongle called YubiKey that generates an authentication key. Leo also uses an authenticator program on his phone called Authy. Also, check out ID.me.
Bob has an LG G5 Android phone and his battery life is really bad. He was thinking about resetting it, just in case there's something running in the background that's wearing it down. Leo says that after two years, it could be that the battery is worn out to the point that it's time to replace it. The good news is, the G5 has a removable battery. But what about his authenticators? Will they stay enabled when he resets? Leo says probably not. They may have to be re-enabled.
Since many sites now allow (or even require) 2-factor authentication, it's a good idea to use an authentication app on your smartphone to get the security code. This is a much more secure method, because codes texted over SMS could be intercepted. There's also the danger of SIM cards being duplicated or even hijacked with some creative social engineering. The Authy app for iOS or Android is a good option, because it sends a secret number and combines it with the time of day so the code changes after 30 seconds.
Tom heard that Authy is better than Google Authenticator. Is that true? Leo says that any authenticator will be better than no authenticator at all, especially when keeping password vaults protected. Most services offer 2-factor authentication now, but the danger there is that some SIMs can be duplicated or even hijacked with some creative social engineering. In fact, the authenticator can be re-routed. Authy sends a secret number and combines it with a time of day (hashing) that changes after 30 seconds.
Taylor is talking about using LastPass and its 2-factor authentication. How does that work? Leo says that 2-factor can be a biometric thing, like his thumbprint, or it can be an authenticator which will text him a code to his phone that he would input into the prompt. It's secret and only good for about 30 seconds before he would have to input a new code. It's a great way to protect online data.