two-factor authentication

How does Apple's two-factor authentication work?

Apple Two-Factor Authentication

Episode 1457

Ed from Clairemont, OK

Ed set up two-factor authentication on his Mac. But when he logs into his Apple account, it sends the two-factor authentication code to his Mac. How can that be secure? Leo says it isn't. Apple's idea of two-factor authentication is kind of interesting. The argument is, if he has the password, and he controls the hardware the two-factor code is sent to, then there's a good chance that he is who he says he is. But it would be much better to send it to the smartphone.

How to Set Up Two-Factor Authentication

Leo has talked a lot on the Tech Guy show about using two-factor authentication wherever possible to ensure the security of your online accounts. Two-factor authentication requires more than just one factor to log in. This could include two of the following: something you are (such as biometrics like fingerprints or iris scans), something you know (a password), or something you have (a smartphone or hardware key). This could be called many things, including “Two-Step Verification” and “Two-Factor Authentication” depending on the site.

Keep Your Data Secure in the Cloud

After the recent iCloud security breach that released private celebrity photos, you may be wondering what you can do to protect your data in the cloud. Apple has released a statement saying that it was not a failure of iCloud or Find My iPhone that resulted in these photos getting out -- it was a deliberate and targeted attack. That being said, here are a few ways you can keep your data more secure online:

Use Strong Passwords

How can I see if someone is trying to access my gmail account?

Episode 963

Carneg from North Hollywood, CA

Carneg uses Apple Mail to download Gmail onto his computer, and he recently got an email from Google that someone was trying to access his account. So he tried to change his password, but it won't let him.

Leo says that Google has a great feature at the bottom of the Gmail page that would allow him to check out who's trying to log into his account and the device being used. Leo advises turning on second-factor authentication, and tying his Gmail to his cellphone so that in order to change the password, he'd have to get a text or phone call to his phone.

Is it possible to reverse engineer Google Authenticator to figure out the passcode?

Episode 907

Robert from Burbank, CA

All authenticators are doing the same thing. It's a time-based, one-time use pass code. There's no data going back and forth between the authenticator app and Google, they are just both using the same algorithm to generate the code based on the time of day. Since no one knows that algorithm, it's not possible to figure out that code. They use a "one-way hashing" technique to do this. Just because the user has the 6-digit result on the authenticator does not mean anyone could go backwards to figure out what the key is.