Ross can't do two-factor authentication with Republic Wireless. What can he do? Leo says that's a huge problem that Republic has to address. Are there alternatives? Leo uses a dongle called Yubikey that generates an authentication key. Leo also uses an authenticator program on his phone called AUTHY. Also, check out ID.Me.
Bob has an LG G5 Android phone and his battery life is really bad. He was thinking about resetting it, just in case there's something running in the background that's wearing it down. Leo says that after two years, it could be that the battery is worn out to the point that it's time to replace it. The good news is, the G5 has a removable battery. But what about his authenticators? Will they stay enabled when he resets? Leo says probably not. They may have to be reenabled.
Since many sites now allow (or even require) 2-factor authentication, it's a good idea to use an authentication app on your smartphone to get the security code. This is a much more secure method, because codes texted over SMS could be intercepted. There's also the danger of SIM cards being duplicated or even hijacked with some creative social engineering. The Authy app for iOS or Android is a good option, because it sends a secret number and combines it with the time of day so the code changes after 30 seconds.
Tom heard that Authy is better than Google Authenticator. Is that true? Leo says that any authenticator will be better than no authenticator at all, especially when keeping password vaults protected. Most services offer 2 factor authentication now, but the danger there is that some SIMs can be duplicated or even hijacked with some creative social engineering. In fact, the authenticator can be re-routed. Authy sends a secret number and combines it with a time of day (hashing) that changes after 30 seconds.
Taylor is talking about using LastPass and its 2-factor authentication. How does that work? Leo says that 2-factor can be a biometric thing, like his thumbprint, or it can be an authenticator which will text him a code to his phone that he would input into the prompt. It's secret and only good for about 30 seconds before he would have to input a new code. It's a great way to protect online data.