Applications to prevent a cybercriminal from accessing your accounts | Technology

From social networks to mobile applications for banks, health or gyms. In many cases, passwords are the only thing that stands between cybercriminals and the personal, health and financial data that users store in dozens of apps. Two-factor authentication is an easy way to add an extra layer of security to accounts. EL PAÍS tests some applications, such as Authy or Google Authenticator, that use this technique to prevent third parties from accessing personal information.

To access the account of a apps or a service, it is usually enough to enter an email and a password. Two-factor authentication is about adding an extra step to the process. The goal is to confirm that the user is who they say they are. Many apps like Facebook, Twitter or LinkedIn allow you to activate double authentication easily. In doing so, they offer various alternatives. One of the most popular is to send a code to the mobile by text message.

However, the National Cybersecurity Institute of Spain (INCIBE) stresses that this method can be insecure. If the user has notifications activated on the mobile lock screen, anyone could see the password received by SMS. In addition, according to the company specializing in cybersecurity Kaspersky, this type of message could be intercepted by a Trojan (malicious software) hidden in the mobile. “Using hidden tactics such as persuasion or bribery, cybercriminals can obtain a new SIM card with the victim’s number at any mobile phone store,” the company says. If this happened, messages would go to this card and the victim’s phone would be disconnected from the network.

Although receiving an SMS with an additional code is better than taking no action, there are safer alternatives. Much of the social networks and other services allow the use of a third-party authentication application downloaded on the mobile. One of the strengths of this type of appscompared to text messages, is that they allow you to receive a password even when there is no internet connection and coverage.

authy

Among the most complete applications is Authy, available both in the Play Store, where it has accumulated more than 10 million downloads, and in the App Store. This platform, which allows the synchronization of accounts in the cloud, is compatible with multiple services: from Facebook to Slack, including Uber, LinkedIn, Pinterest, Discord or Snapchat. On its website, the company explains how double authentication can be activated in all these applications.

This newspaper has tried to do it with Instagram. The first step would be to enter the configuration section of the apps. Then you should click on “security” and “two-step authentication”. This method, as explained by the developers of the application, “protects your account with a code that is requested when you log in on a device that we do not recognize.” To start using an authenticator application, Instagram offers a key: after copying it, you have to open the Authy app (previously downloaded), click on “add account”, choose “enter the key manually” and paste the key.

Afterwards, it is possible to choose the name of the account and the logo of the social network. In some cases, the process is simpler. For example, to link Facebook, all you have to do is open Authy and scan a QR code on your computer with your mobile. Once you have completed these steps, when you log in to Instagram or Facebook on an unknown device, in addition to entering your username and password, you will be prompted for a code that is automatically generated by Authy and expires after 30 seconds.

Google Authenticator

Another alternative is Google Authenticator, which has been downloaded over 100 million times from the Play Store and is also available on the App Store. The app works in a similar way. When trying to activate the two-factor authentication on Twitter from the computer, the first step would be to enter “settings and privacy”. Then you should click on “security and account access”, “security” and “two-step authentication”.

By choosing the option “apps authentication” and enter the user’s password on the social network, Twitter generates a QR code. It would be enough to open Google Authenticator and scan it with the mobile camera. If this is not possible, you can also link your account to this app by copying and pasting a key. “Once you’ve set up two-step verification, you’ll be able to log in to your account using something you know, like your password, and something you have, like your phone,” says the Mountain View company.

Microsoft Authenticator

Among the most popular alternatives on the market, there is also Microsoft Authenticator, which has been downloaded more than 50 million times on the Play Store and is among the most popular productivity apps on the App Store. Like Authy and Google Authenticator, it allows you to link different accounts — such as LinkedIn, GitHub, Amazon, Dropbox, Google, and Facebook — by scanning a QR code or manually typing in a key. The application, which has a minimalist design, is easy to use and allows you to back up to the cloud. The codes expire after 30 seconds and it is possible to choose that they are hidden at first and only appear when clicking on the account in question.

This type of application is useful considering that, according to the National Institute of Cybersecurity of Spain, “a large part of the passwords that circulate on the network could be decrypted by an attacker in a time ranging from just a few seconds to a few seconds. two hours”. In addition to betting on robust credentials, something for which password managers can be especially useful, the agency recommends activating double-factor authentication on all those platforms where sensitive information appears, such as social networks, email, travel platforms or online banking.

You can follow EL PAÍS TECNOLOGÍA at Facebook Y Twitter or sign up here to receive our weekly newsletter.