101Startups #9 - AUTHY: 2 factor authentication with Cloud backup
For this 9th episode, I decided to talk to you about what I consider being the best 2-factor authentication service today. Forget about Google Authenticator.
Today's pick is called AUTHY
I used to use a lot Google Authenticator. But each time I had to change my iPhone, it was a pain re-programming all the 2-factor authentications services I had installed. On top of that, if I would lose my phone, I would be in the deepest sh1t ever, not being able to ever access anything…
Of course, Google says they can get you back to your account but you have to PRINT some codes on a piece of paper. Not very practical... does not sound like Google. Right ?
HOW DOES IT WORK?
First, let’s speak about 2 factor authentification.
I will quote Wikipedia:
Multi-factor authentication (MFA) is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism - typically at least two of the following categories: knowledge (something they know); possession (something they have), and inherence (something they are).
Two-factor authentication (also known as 2FA) is a method of confirming a user's claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication.
Basically, on top of your password you have to type another password.
This password has to be linked with something you know (these stupid questions about your mother’s maiden name), what you are (biometrics), or what you possess (your phone!!).
One simple way to enable 2-factor authentication is to have an app on your device that generates time-changing passwords.
These passwords change over time, and generally are in the form of a 6 figures string.
This is how Google Authenticator and Authy work. You launch an app and you get a random number. You type this number on top of your stanrdard password. And you login.
Here’s an example with KRAKEN, an altcoins exchange platform:
I typed my login and password, and I also have to type this randomly generated password that was generated by AUTHY on my phone. I launch the app, type my 4digits access code or use fingerprint recognition (Touch ID) and I see the following screen (Yes... it’s for Bittrex in this example, just assume it is for Kraken):
As you see, there is a counter-clock ticking, and only 1 second remaining: The password is only valid for 30 seconds.
“2-fact auth” is one of the BEST METHODS to secure your accounts. Even if someone know your password, they need your device to access the account.
The only problem with 2-factor authentication is if you lose your device, or if you brick it because you installed a Beta version of the OS for instance.
AUTHY has a cloud based platform that allows you to recover your account if you have any issue.
So if you lost, broke, renewed, replaced or bricked your phone, you (almost) just have to reinstall the app, type your Authy (long) password or get a one-time code received as text on your phone, and you are good to go.
MY EXPERIENCE:
I am in the iPhone upgrade program, so I will get the new iPhone7 later this year (You know, the iPhone6 without a headphone jack…). I don’t want to print any paper to backup my passwords. I moved 4 times in the last 5 years and paper sheets get destroyed or lost in a matter of seconds. Authy is therefore the perfect solution for me.
I currently use it for my 3 exchange platforms where I “trade” bitcoins and other cryptos:
- Bittrex (my favorite)
- Kraken
- Paymium (Euro based BTC wallet + exchange
BOTTOM LINE:
AUTHY does what it says: Being a mobile and desktop app for 2 factor identification:
The interface is very simple, and the TouchID access (fingerprint) make it very easy to use. These is also a fancy an auto-copy feature that helps you save time when you browse from your phone. It’s simple, clean and the cloud account is the life-saver in case of trouble.
Because losing your phone is already a pain in the donkey… I don’t want to add more to the equation.
As a result, Authy replaced Google Authenticator in my app portfolio.
Download the app HERE .
@sebastien
I hope that you enjoyed and that you will try this cool app. If you did enjoy the reading, stay tunes to my account for more "101 startups" stories in the future.
Footnotes:
I work with startups. My job is to find innovative hidden-gems in the tech industry.
In the series of 101 Startups, I give you an overview of the best startups and apps I encounter, and I hope you will discover, and use these new services and innovative products.
- Episode 1 - VESTLY, monthly stock trading contests for real cash prizes.
- Episode 2 - LUXE VALET, on demand car-valet services cheaper than parking garages.
- Episode 3 - JUNO, an alternative to Uber and Lyft in NYC. 25% cheaper.
- Episode 4 - MIND SUMO, take companies challenges and earn real money.
- Episode 5 - X.AI, artificial intelligence is your new personal assistant
- Episode 6 - SPOT ANGELS, know where to park, all the time.
- Episode 7 - RIDE WITH VIA, ride-hailing services for just $5.
- Episode 8 - WINGZ, soon to be published by @knozaki2015. Wingz is an on-demand chauffeur app.
If you enjoy this reading and want to see more of these startups in the future, please FOLLOW ME.
Is cloud app secure? What if it is compromised? As I understand Goodge App can't be compromised unless you lost the control of the phone.
Everything can be compromised. I believe that their system must be secure enough on their servers. (They also sell professional products)
The issue with google is "what if you lose the phone" ?
Authy allows you to Recover your account or to have it on multiple devices.
Thank you Sebastien for this interesting and useful piece of information.