Data Doctors: Pros and cons of authentication apps

Q: What are the pros and cons of using a third-party authentication app?

A: Every user of the internet should be familiar with the security concept known as two-factor authentication (2FA), which typically uses your smartphone to verify that you are the owner of an account, while logging in via a special one-time code.

It’s the best thing you can use to help protect against the many threats of having your accounts compromised, even if you fall for a sophisticated phishing scam.

Most every account you have have the option to set up 2FA, so if you haven’t done so, I’d highly recommend you do it immediately.



Third-party authentication apps

An alternative to setting up the text messaging-based authentication that most companies, such as Facebook and Twitter use, is installing an app that provides the authentication codes.

This outside option for securing your accounts has many pros and cons, so depending upon the services you want to protect, and your comfort with learning new apps, this may or may not be your best option.

Pros of using an app

One of the downsides to using the standard text-messaging process to receive your verification codes is that if you don’t have a cell signal, you might not get your code delivered to your smartphone.

A common example of this is if you’re on a long flight using the airplane’s Wi-Fi service. You may have Internet access, but you won’t have cell service, which is how your verification code may be sent.

Third-party authentication apps generate the code on your smartphone, so they can still work if your smartphone can’t get a cell signal.

An authentication app will also protect against a technique hackers use to compromise text-based 2FA codes by using SIM-hijacking.

They pose as you with your mobile carrier and convince them to transfer your number to a new SIM card as if you had just purchased a new phone so they can get your texted codes.

(I’ve previously written about this clever scam and how to protect yourself.)

In many cases, the encryption protocols used by authentication apps are also much stronger than text messaging codes.

Compatibility with most major services also allows you to secure all your accounts with one app.

Cons of using an app

As with any technology, there can be challenges if you decide to switch to an authentication app, since your ability to access your accounts is now tied to a specific device.

If you use an app on your smartphone for authentication and the battery goes dead or the device breaks or gets stolen, you could get locked out of your accounts.

Ensuring that you have the app set up on multiple devices like a smartphone and a tablet can help reduce your risk of being locked out.

Some non-technical users may find using the app to be too complex or confusing to set up and use, which is why I recommend that you always test the app with a single non-essential account before you decide to convert all your accounts.

Some online accounts, especially financial services, may not be compatible with a third-party authentication app, so you’ll have to spend time learning what will and won’t work.

Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up