On 5th September 2023, we will be moving from SMS verification to two-factor authentication (2FA) apps. To keep your Propiteer Capital account secure, you will need to activate a 2FA app by this date. We go into more detail below on our app recommendations, what 2FA apps are, and what makes them more reliable than other methods.
With cybercrime significantly on the rise in recent years, online security is now more important than ever. We often hear of data breaches at big companies or bank fraud scams, so like many other businesses, we’re urging our customers to tighten their Propiteer Capital accounts with 2FA software.
What is 2FA?
Passwords are simply no longer strong enough to protect our information from sophisticated hackers. While passwords are still needed, their hygiene is also incredibly important. This means using unique passwords for each account and using a random mix of letters, numbers, and symbols rather than memorable names or dates that can easily be guessed. Nowadays, however, that’s not quite enough – this is where 2FA comes in.
2FA is an extra security layer for your online data. Should someone discover your password, 2FA will ask for additional information in order to grant access to an account or website (be it your email, online banking, or shopping apps).
Your password is the first barrier that hackers have to break through to access your accounts and information. Should this barrier be compromised, your data is secured via 2FA even if your device is lost or stolen as it’s unlikely that hackers will be able to gain access to your second-factor information.
Common types of 2FA
There are several forms of 2FA, but their security levels can differ. Here are some of the common types of 2FA:
· Hardware tokens
These normally come in the form of key fobs that can be plugged into your computer’s USB port to generate a unique one-time passcode (OTP). The code is automatically transferred once connected to the device.
· Push notifications
Rather than generating an OTP, some companion apps ask you to approve or deny a login attempt. One of the most common examples of this is mobile banking apps that ask the user to approve an online purchase before it’s confirmed.
· SMS text message
This 2FA type interacts directly with a user’s phone. Once a username and password are entered into a website, an OTP is sent via SMS text message that grants access to your account.
This 2FA method cannot be used offline – it requires solid phone service so that an OTP can be successfully delivered. More importantly, many companies are moving away from SMS-based 2FA as it is not secure enough for high-risk personal information like bank or email accounts. Not only has it now become far too easy for SIM cards to be cloned and phones to be intercepted, but SMS communication has been designed without encryption, meaning it is easily accessible and, therefore, lacks the all-important security that you need from 2FA.
· Software tokens
One of the most secure ways to set up 2FA is via software tokens. These are apps that generate OTP codes and they can be accessed on desktops, smartphones, and wearables (like a smartwatch). Most of these are free to download or have free basic subscription services. An additional password is required to set up a 2FA app, which adds extra security.
Disadvantages of alternative 2FA methods
Hardware tokens are fairly uncommon nowadays. While they do offer the benefit of being accessible offline, they’re small and can be lost easily. This makes their security level considerably low; if someone can steal your phone, they’re equally able to steal your key fob, granting them instant access to your most valuable information.
Push notifications can be suitable for low-risk personal data, but for anything more, they’re not secure enough. If your email account, for example, has been compromised, hackers can easily access your push notification as there is no password protection for your 2FA method. Also, this 2FA type only works if you have phone service or an internet connection, so its accessibility can be limited.
SMS text message verification is considered the least secure 2FA method for authenticating users. This is because SMS messages are not end-to-end encrypted, meaning that today’s sophisticated attacks can allow hackers to intercept phone networks and signals, and therefore text messages, to access the OTPs.
There’s also the possibility of what’s known as SIM swapping, which is the duplication of SIM cards, and of phishing, where a man-in-the-middle site entices users to share their OTPs.
Some of the world’s largest corporations like Apple, PayPal, and Microsoft have experienced data breaches via SMS verification messages. Inevitably, such events fuelled concerns amongst businesses all over the world, so companies and individuals are now being urged to upgrade their 2FA tools and use more secure alternatives like authenticator apps. Microsoft’s Director of Identity Security, Alex Weinert, explains: “The problem with SMS is that it’s built on an archaic architecture that sits inside the many cellular networks around the world. When you send an SMS, it might be secure between your phone and your network, but once there, it can bounce in plain text between various SMS message centres inside various carriers enroute from sender to recipient.”
Why 2FA software is more secure than other methods
Authenticator apps are more secure and reliable than SMS codes. Unlike SMS OTPs, 2FA apps apply an additional layer of security such as a passcode, password, or biometric trait (e.g. fingerprint or face ID). This means that, without this additional information, our data cannot be accessed.
While authenticator apps work in a similar way to SMS 2FA, the key difference is that the app is accessed locally. In other words, it is tied to the physical device, while a text message is tied to the network, and the network is what’s at risk.
The codes generated via 2FA apps are also more short-term than SMS codes. Some SMS OTPs can be valid for up to 30 minutes, giving hackers more time to intercept, while authenticator apps typically refresh every 30 seconds.
Finally, 2FA apps can be accessed offline, so there’s no need for internet access or signal, and they don’t require a mobile phone. There are many 2FA apps that can be downloaded onto a laptop or desktop computer.
Types of 2FA apps
Both Apple and Android devices have built-in 2FA systems that you can use (if you aren’t already). However, there are many other authenticator apps available, each with different features and benefits. Here are some of the top-rated 2FA apps you can try:
Authy
Available for Windows, Mac, Android, and Apple devices (including Apple Watch), Authy is the top-rated cross-platform 2FA app. It’s also one of the least expensive; a free basic account allows 100 free authentications per month. However, you can upgrade for a minimal fee and no monthly commitment.
Pros:
· Easy to use
· Cross-platform app
· Compatible with smartwatches
· Secure cloud backup
· Can be accessed offline
· Free account available
· Upgrade for a small fee with no subscription
Worth noting:
· A mobile number is required to set up an account
Google Authenticator
Google Authenticator keeps 2FA simple. It’s available on any device as long as you have a Google account and set-up is easy via a QR code.
Pros:
· Free to use
· Automatic set-up with a QR code
· Your codes are saved to your Google Account
· Sync the app across devices
· Manage multiple accounts with one app
· Choose the type of code that best suits your needs
Worth noting:
· You need a Google account
· Not compatible with smartwatches
· Cannot transfer the account onto a new phone
LastPass Authenticator
LastPass Authenticator is an extension of the LastPass password app. It offers free and paid account options, and a free encrypted backup service.
Pros:
· A unique code is generated every 30 seconds
· Free encrypted backup
· Automated set-up via a QR code
· Add multiple accounts
Worth noting:
· Recommended to connect to LastPass password app for a more seamless experience
Microsoft Authenticator
Microsoft Authenticator is free to use and offers easy, secure sign-ins using 2FA, passwordless, or password autofill.
Pros:
· Free to use
· Passwordless options
· Connect all your Microsoft accounts
· Sign in without your password
· Autofill passwords on apps and sites
Worth noting:
· Potential compatibility issues with iOS/Android
· Only works with select websites
How to set up 2FA on your Propiteer Capital account
Enabling 2FA on your Propiteer Capital account will help protect your investments and keep them safe from hacking and phishing attempts. Adding this extra security to your Propiteer Capital account is easy and can be done in just a few quick steps:
1. Log into your PCPLC account
2. Visit your profile
3. Scroll to the ‘Account Security’ block and follow the instructions.
You will be prompted to download an authenticator app of your choice; however, we recommend Authy. You can download this onto your desktop computer, laptop, or smartphone.
If you have any questions or need help with setting up 2FA on your Propiteer Capital account, get in touch with our team on 01376 319 000 or email info@propiteercapitalplc.com.