Question

Do you prefer 2-factor apps, SMS or email login codes, or authentication devices?

I got a Yubikey but never got all of my accounts switched over. Do you find authentication keys are worth the hassle, or do you rely on authenticator apps for security?

Mentioned
#1Password
Share
forouzani's avatar
almost 2 years ago
SMS is by far the best

I have a few bank accounts that require physical devices to login. They are the bane of my existence. I have all sorts of problems from battery issues, to losing them, to the device melting in the sun (really). I consider physical devices to be an unacceptable method of authentication, unless I only want to login once a year.

2-factor apps are ok, bu they still require me to unlock my phone, open the app and sometimes wait for a new code if the current code only has a few seconds left.

Email is the next best thing, but it does require me to go into my mailbox, which often leads to distraction. Other times I have to go hunting for the email either in the spam box, or just hitting refresh a hundred times until the email arrives.

SMS is the best. It appears instantly, it shows as a notification so I don't even need to unlock my phone (if i memorize the code fast enough before the notification disappears). It also shows as a notification on my computer, so if the code is really long (or I am extra lazy) I can just copy and paste it.
For me, SMS wins.

Of course this is only talking about convenience from a user perspective. If you focus on security, physical devices win every time.

7 points
kil0ran's avatar
@kil0ran (replying to @forouzani )
almost 2 years ago

Used to have an RSA key for work (mid-2000s so almost ancient history). Really liked that option - small, built-in battery, easy to use. Only let down by the fact it wasn't backlit but not a huge issue. For personal apps I used Google Authenticator for a long time but didn't like the process you had to go through when swapping phones so have now swapped all my accounts over to SMS wherever possible. Always store backup keys somewhere because if you need them the reason is that you've probably lost your phone and already have your entire digital life hanging by a thread!. All I want to know about the SMS option is why do Microsoft have to be different and use 7-digit codes? Much harder to transfer from notification to application

3 points
NBNite's avatar
almost 2 years ago
Google's Authenticator App

Yes - email and SMS are easier and quicker to use, especially on mobile when the code plugs directly into the code input box. But if security is your number one concern, an authenticator app is second to none.

6 points
maguay's avatar
almost 2 years ago
Authy

I use Authy (now part of the Twilio set of software), which has desktop and mobile apps which makes it easy to get your codes anywhere. My favorite thing is their Apple Watch app, so I can get codes on the watch and easily type them in any device—especially handy on mobile instead of having to switch back and forth between apps.

I try to avoid SMS verification when possible because it's difficult or impossible to use when traveling, though it can be handy as a backup.

5 points
loyaltyarm's avatar
almost 2 years ago
Duo

I prefer authenticator apps for security, particularly Duo. SMS isn’t available during flights, and is very insecure (read about sim swap here: https://www.techradar.com/news/sim-swap-fraud-leaves-two-factor-authentication-users-at-risk). Duo has great apps for iOS, Android, and Apple Watch. I would actually go so far to say that 2FA convenience is a strong reason to get a wearable like Apple Watch, as it simplifies the push-to-auth workflow greatly, and I can grab a manual input code from their simple watch app in less than 10s.

1 point
How do you manage your chat inbox?

Hey guys, first post here. As part of my work, I have to deal with and respond to a lot of incoming messages from different chats: Linkedin/WhatsApp/Signal/IG. I try to use Unreads/Archive features...

Good Segment alternatives (It's too expensive for B2C)

We're currently looking at a few alternatives - https://getanalytics.io/ roll your own - https://rudderstack.com/ - https://www.freshpaint.io/ any experience with the above tools, other tools?

The community for 1Password  power users.