2 November 2020

Authy Rocks!!!These days, 2FA (Two-Factor Authentication) is all the rage.

Instead of securing your account with only a password, you have to enter a password and a secret code… But where to get this code?

The simple way is via an SMS to your phone, which means you also must provide your cell phone number to various sites.

Smartphones also have authentication apps, but the problem is that you must still have your smartphone on and connected to the cell network in order to log in to a simple web site!

That’s not very convenient…

Why you care

You may be thinking that you just won’t use 2FA, but think again. Until now, the security feature has been optional on most sites.

But PayPal recently notified me that accounts will require 2FA in the near future. Google is also starting to ‘encourage’ users to use 2FA if they use YouTube, Analytics, or many other Google services.

In short, you won’t have a choice soon.

And if you’re like me and you get absolute crap reception on your phone inside your house, then even a simple SMS-with-code to log in to web sites just isn’t going to work.

Besides, why should I have my phone on when I’m sitting at my puter?

What to do?!

Behold: Authy for Desktop

Authy is an authenticator app for doing 2FA. It’s available for smartphones, tablets, and also desktop OSes – Windows, Mac, and linux.

I use the desktop Windows version, and it works quite well.

The idea is that you download Authy, install it, and just fire it up anytime you need a secret 2FA code to log in to some web site.

Note that when you install Authy, it usually asks you to verify your account by sending an SMS to your phone – just once.

After that, you don’t need cell service ever again, and you certainly don’t need to have a smartphone!

How it works

First, run Authy:

Authy Main Screen
You’ll see the services/web sites you have already configured for 2FA. To add a new site, click the + sign in the upper right corner.

You’ll see this screen:

Authy - Add Site
When you enable 2FA for a given web site, they will give you your own secret setup code to set up 2FA in Authy.

You just paste that code into the box, and click Add Account. You do NOT need to save this ‘setup code’ anywhere.

On the next screen, you can give the site a name, like “PayPal” or “Gmail” or whatever you want.

Note that Authy can be used with all kinds of sites, including Google. You don’t have to use the Google Authenticator app if you don’t want to!

You can click here to see instructions on how to setup Authy with various sites and services, including PayPal, Google/Gmail, Amazon, Dropbox, and more.

Finally, when you want to log in to the site you just added, you click the site’s name from the main screen of Authy. You’ll see this:

Authy - Code
Click the Copy button in the lower right corner, and just paste the code into your site.

TA-DA! You just verified your login with 2FA – no smartphone required.

Note that the code changes constantly, so don’t dawdle when you copy/paste it into your web site. Codes are time-sensitive for increased security.

For even more security…

It’s a good idea to set a Master Password for Authy. You just click Settings and then Enable:

Authy - Settings
That way, anybody who may get onto your puter needs your password to generate secret codes in Authy.

Of course, if you want even MORE security, you could use a hardware key like Google’s Titan Security Key.

Hardware security keys are even more secure, but not free and a bit harder to use.

But at least now you can have 2FA even if you haven’t joined the Smartphone Revolution…

And you won’t go mad when your SMS secret code arrives 10 minutes after you were trying to log in to PayPal!

Get Scottie Stuff!
Two-Factor Authentication without SMS or a smartphone
Tagged on:             

6 thoughts on “Two-Factor Authentication without SMS or a smartphone

  • 4 November 2020 at 01:48

    Authy is great and provides that second layer of security from hackers but a Security Key is a MORE SECURE second layer of security than using an app like Authy. A Security Key is a USB hardware device for 2FA – same key if you like for more that one website – easy enough to use and on the websites that accept a Security Key (like googles Gmail) allow you to register more that one so I got 3 separate YubiKeys (https://www.yubico.com/) and I keep one with me and the other two in a safe place should I lose the first one. If you lose one it is unlikely it will be be usable since your name or what websites it is for are unlikely – also you can de-register that key if you lose it. YubiKey has several hardware security products – I use the one here – https://www.yubico.com/products/security-key/

    • 4 November 2020 at 11:03

      Yeah, YubiKeys are quite popular, and better… but Authy is free and quick, which is nice for many people. I actually use both Authy and a hardware key (for different sites).

  • 4 November 2020 at 20:09

    There is a 2fa App for kaiOS. (KaiAuth: https://kaiauth.zjyl1994.com). You can install it using the official kaiOS Web IDE. All you need to do is enable the phone’s developer mode.

  • 1 December 2020 at 01:00

    The question I have is why, in addition to the little generation program for those without the GSM leash isn’t there also a campaign to tell providers that many things don’t warrant such fuss. I couldn’t care less if someone spoofs my youdoob account, many could but not I. Therefore i shouldn’t have to mess around with the extra stuff I use for financial transactions, there should be the freedom to tell them where to put it.

    • 1 December 2020 at 13:27

      The real reason for 2FA, of course, is to require you to give your cellphone number so they can track you even better. For example, if you have to use 2FA to log in to Amazon, now your Google account is associated with your Amazon account. That was not so hard to do before, but now it’s concrete and automated.

  • Pingback: The Truth about 2FA (Two-Factor Authentication) | Scottie's Tech.Info

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.