Paul wonders if 2-factor authentication with SMS Messaging is all that secure. He uses 2FA using a voice call system. Is that secure? Leo says that 2 Factor is the most secure way to protect your data. But there are various ways to get it. Text message is the easiest, and it's better than nothing, but an authenticator like Authy or a hardware authenticator is far more secure. Ubikey is the most secure. An app authenticator, like Authy or Google Authenticator, would be the next most secure. Text messaging is the least secure because of SIM jacking.
Joe got an email from Facebook saying his password has been changed. He changed it and turned on 2-factor authentication, but the password keeps getting changed back. Leo says that's a scary thought and he probably got bit by a phishing scam and that Facebook didn't send him an email at all. Leo says if it was legit, the first thing the hacker would do is change the email notification.
Cheryl has a Motorola Moto G6, and she wants to use a YubiKey for password security. But her phone doesn't have NFC. What can she do? Leo says that she can get a Bluetooth authenticator key like YubiKey that works with Google's Authenticator app. The Google Titan Security Key is the one to get. It's $50. There's a USB and Bluetooth key for one price. So it'll work with her laptop too.
Bob has an LG G5 Android phone and his battery life is really bad. He was thinking about resetting it, just in case there's something running in the background that's wearing it down. Leo says that after two years, it could be that the battery is worn out to the point that it's time to replace it. The good news is, the G5 has a removable battery. But what about his authenticators? Will they stay enabled when he resets? Leo says probably not. They may have to be reenabled.
Tom heard that Authy is better than Google Authenticator. Is that true? Leo says that any authenticator will be better than no authenticator at all, especially when keeping password vaults protected. Most services offer 2 factor authentication now, but the danger there is that some SIMs can be duplicated or even hijacked with some creative social engineering. In fact, the authenticator can be re-routed. Authy sends a secret number and combines it with a time of day (hashing) that changes after 30 seconds.
Saren hasn't been receiving the two factor authentication code he normally gets for his Gmail account. He would normally get it through his Google Voice number. Leo says it's insecure to send those two factor codes through SMS, because someone could spoof his number and get the text message. Google may have even stopped supporting SMS in favor of its Google Authenticator app.
Taylor is moving from an iPhone to a Samsung Galaxy S4. He has two factor authentication set up on his current phone, and is wondering if there's an easier way to transfer it all to the new phone.