Make two-step authentication easier
WE EXPLAIN HOW YOU CAN DITCH THE SMS CODES BUT STILL KEEP YOUR DEVICES SAFE FROM THE BAD GUYS.
THE NEED FOR two-factor authentication is one of our consistent refrains in this column. It’s simply not enough anymore to just use a password for your various internet logins — you also need to use a secondary authenticator like your mobile phone or email account. A secondary authentication method ensures that even if your password is hacked, the bad guys can’t get into your account.
A popular solution is the Google Authenticator app or the Microsoft Authenticator on your mobile. These generate rotating, time-sensitive codes that you type in when you’re trying to log in to a service.
For example, if you’ve set up LastPass for multifactor authentication and linked it to your Google Authenticator app on your phone, you’ll see a six-digit code for LastPass when you open Google Authenticator. Whenever LastPass asks you to authenticate (which will happen when you try to log into it from a new device, or every 30 days), you have to open Google Authenticator, find the code and type it in before it expires.
For the tech-savvy, it’s not difficult, but it’s a little arcane and annoying for some users. So in the last year, both Microsoft and Google have decided to simplify the process for their own services. Google Prompt and the new version of Microsoft Authenticator allow you to confirm a login with just the touch of a button.
SETTING UP GOOGLE PROMPT
Google Prompt lets you authenticate your Google login just by tapping a confirmation button on your mobile. It works on both Android and iOS, but on iOS, you’ll need to have the Google app installed, which can be found on the iTunes App Store. You’ll need to log into that app with your Google Account. On Android, it’s built in to Google Play services, so you probably don’t need to install anything. To set it up, just follow these steps:
* Head to You may need to log in to Google if you’re not already.
* Scroll down to the section on Signing in to Google.
* Click on 2-step Verification.
* You’ll be asked to verify your login.
* You’ll see a button for Adding Google Prompt. Click on it.
The setup wizard will kick off. Click on Get started. You’ll be asked to choose which phone or device you want to use. Any Android devices you have that are linked to this account, and any iOS devices on which you’ve installed the Google app should appear here. Choose the one you want to use. Note that a lock screen or Touch ID has to be enabled on the device, otherwise Google Prompt will reject it.
Google will give it a dry run. A popup notification will immediately appear on your selected device. You’ll be asked if you’re trying to log in on another device. If you click ‘Yes’, you’ll be authenticated; no codes will be needed.
Google Prompt will now appear in your list of secondary authentication methods in Google. As long as 2-step Verification is turned on, whenever you try to log in to your Google account from a new device, the popup will appear, and all you have to do is tap ‘Yes’ to authenticate.
USING MICROSOFT AUTHENTICATOR’S PHONE SIGN-IN
Earlier this year, Microsoft followed in Google’s footsteps and added a similar one-tap sign-in method for Microsoft accounts. As with Google Prompt, all you need to do is tap on the screen to authenticate. In fact, Microsoft has gone one step further and removed the need to type in a password. The mobile will handle all authentication.
On both iOS and Android, you’ll need to install the Microsoft Authenticator app. It’s available on Google Play and the iTunes App Store. Then just follow these steps:
* Open up Microsoft Authenticator on your mobile. Presuming you haven’t used it before, you’ll be asked if you’re ready to add your first account. Tap on ‘Add Account’.
* Tap on Personal Account (since we’re adding a personal Microsoft Account).
* Enter your sign-in details for the Microsoft account. You’ll have to verify your account, probably using a code emailed to you.
* Once you’ve done that, the account will appear in the list of linked accounts in Microsoft Authenticator, with a rotating 8-digit code just below it (much like Google Authenticator).
* If it wasn’t already turned on, going through this process will turn on two-factor authentication on your Microsoft account. (You can turn it off by going to account.microsoft.com and finding the section on Additional Security Options).
* Now when you try and log into your Microsoft Account from a new device, an option will appear on the password screen: ‘Use the Microsoft Authenticator app instead’. You don’t need to type in your password; just click on it.
* In the window, a number will appear. Meanwhile, your mobile phone will buzz, and Microsoft Authenticator will pop up a window with three number options. Tap the number that matches the one on screen.
* This number challenge will only appear the first time you try and authenticate on a particular device. Future attempts to authenticate the same device will only require that you tap on ‘Approve’ or ‘Deny’.
And that’s it, you’re all set up. No need for arcane codes when trying to log into a new device with your Microsoft or Google accounts. All you need is your mobile and a finger to tap.