Two Factor Authentication

When you log in to your accounts online, you mostly use a simple 'username and password' combination to do so. Adding two-factor authentication (2FA) to your login process is a simple way of adding an extra layer of security to your accounts.

The problem with relying on a username and password style of login is that you can’t always keep your password safe. Your password could be stolen:
  • through a scam, like phishing
  • from a business you have an account with, if they have a data breach.

Adding another level of security with 2FA makes it harder for an attacker to access your online accounts — just knowing your password isn’t enough.

 


How 2FA works

When you log into an online account with a username and password, you’re using what’s called single factor authentication. You only need one thing — your password — to verify that you are who you say you are. With 2FA, you need to provide two things — your password and something else (we use a code) — before you can access an account.

You can authenticate (prove you are you) based on a security token that you can get from any 2FA app that generates a temporary access code.  For example;

  • software on your smartphone such as an app like Google Authenticator or , that:
    • sends a notification to your smartphone, or
    • provides you with a temporary access code.

 


Which App do I need?

There are a few to choose from, whether you are an Android, Windows or IOS user.

1. Google Authenticator

Supported platforms: Android, iOS

As noted by all tech media, Google Authenticator is the easiest to use of all the many 2FA apps out there. It doesn’t even have any settings. All it lets you do is add a new token (the name given to the code generator for an individual account) or delete an existing one. To copy a code all you have to do is tap it. That’s it!

However, such simplicity has a drawback: If you don’t like something about the interface or you want more features, you’ll have to install another authenticator app.

+ Very easy to use.

- Can't easily transfer codes to new phone (if you ever upgrade)
 

2. Duo Mobile

Supported platforms: Android, iOS

Duo Mobile is also extremely user-friendly, minimalist, and free of additional settings. It has one advantage over Google Authenticator: Duo Mobile keeps codes hidden by default — to see them, the user must tap the specific token. If you, like me, do not enjoy having a bunch of codes for all your accounts on public display every time you open the authenticator, then this feature of Duo Mobile is for you.

+ Hides codes by default.
 

3. Microsoft Authenticator

Supported platforms: Android, iOS

Microsoft also chose the no-frills approach with its minimalist authenticator. That said, Microsoft Authenticator is noticeably more feature-rich than Google Authenticator. For a start, although all codes are shown by default, each token can be separately configured to be hidden.

Second, Microsoft Authenticator simplifies signing into Microsoft accounts. After entering your password, all you need do is tap the button in the app to confirm login — and that’s it, no need even to enter a one-time code.

+ Can be configured to hide codes.
+ Extra features for signing into Microsoft accounts.
 

4. FreeOTP

Supported platforms: Android, iOS

There are four reasons you might pick this baby from Red Hat. First, the software is open source. Second, it is the lightest app in our list — the iOS version is only 750KB. (By comparison, the minimalistic Google Authenticator requires almost 14MB, and the Authy app, discussed below, is a whopping 44MB.)

Third, the app hides codes by default, displaying them only if the token is tapped. Fourth but not least, FreeOTP lets you configure tokens very flexibly and manually, should you want to. Naturally, the usual token creation method, by scanning a QR code, is also supported.

+ Hides codes by default.
+ Takes up only 750KB.
+ Open source.
+ Maximum settings when creating a token manually.
 

5. Authy

Supported platforms: Android, iOS, Windows, macOS, Chrome

Authy is the fanciest of the 2FA apps, with the main advantage being that all tokens are stored in the cloud. This makes it possible to access tokens from any of your devices. At the same time, it simplifies the migration to new devices. There is no need to reactivate 2FA in each service, so you can continue using existing tokens.

Tokens in the cloud are encrypted with a key based on a user-defined password, meaning that data is stored securely and not at all easy to steal. You can also set a login PIN for the app or protect it with a fingerprint if your smartphone is equipped with the right scanner.

The main disadvantage of Authy is that it requires you to set up an account linked to a mobile phone number — otherwise it won’t work at all.

+ Tokens are stored in the cloud, allowing them to be used on all of your devices.
+ Migration to other devices is very easy for that same reason.
+ App login protected by PIN or fingerprint.
+ Only the code for the last used token is shown on screen.
+ Unlike other apps, it supports not only Android and iOS, but also Windows, macOS, and Chrome.

− Does not work without an Authy account linked to a phone number.
 

6. Yandex.Key

Supported platforms: Android, iOS

In my opinion, the concept behind Yandex.Key makes it the best app for 2FA. For one thing, it does not require immediate registration — you can start using it just as easily as Google Authenticator. For another, it has several additional features available to those who are not settings-shy.

First, Yandex.Key can be locked with a PIN or fingerprint. Second, it allows you to create a password-protected backup copy of tokens in the Yandex cloud (this stage does require a phone number) and restore it on any device you use. Similarly, it is possible to transfer tokens to a new device when you need to migrate.

Yandex.Key manages to combine the simplicity of Google Authenticator with the extended functionality of Authy, depending on what you prefer. The app’s only drawback is that the interface is not that easy to use with a large number of tokens.

+ Minimalism at the start, extended functionality available through the settings.
+ Backup copies of tokens can be created in the cloud for use on multiple devices and migration to new ones.
+ Login to the app is protected by PIN or fingerprint.
+ Only the code for the last used token is shown on screen.
+ Replaces your permanent Yandex account password.

− With many tokens, not so easy to find the one needed.

 


How to set up 2FA on your  Purple Dog Account

 

1. From the Client Area, navigate to Hello, Name! > Security Settings.

2. Click Click here to Enable.

Click here to Enable

3. Select Time Based Tokens.

4. Click Get Started.

Select the Two Factor Auth Service

5. Scan the QR code with an authenticator app such as Google Authenticator or Duo Mobile.

6. Enter in the 6-digit code that the authenticator app generates.

Scan the QR Code with your app and enter the authentication code

7. Click Submit.

8.  Record the Backup Code in a safe place.

9. Click Close.

Take a note of the Backup Code

Two-Factor Authentication is now set up for this client, and will be required when they login in future.

Authenticated staff with the appropriate permissions will still be able to login as this client without needing the two factor authentication code.

 

 

 

  • two factor, 2fa, security, authentication, 2FA
  • 588 Users Found This Useful
Was this answer helpful?

Related Articles

Is this site secure?

Yes, our website client area is protected by encryption through an SSL (Secure Socket Layer)...

How can I pay?

We accept payment by;1) Online Bank Transfer (NZ bank accounts ONLY)2) Credit Card via Stripe...

Change of account ownership

The following information relates to the transfer of ownership from one client to another and is...

Account Cancellation / Termination

If you are thinking to leave Purple Dog - feel free to talk to us first to see if we can assist...

How do I see what services I have?

To check what services you have, please log in to your Purple Dog client account You'll need the...