Why You Should Listen to Twitter on Two-Factor Authentication
Authenticator Apps
This brings us to authenticator apps, which you download onto a phone or computer. They generate temporary security codes (instead of texting them to your phone) that you enter to log in to your online accounts and apps.
Let’s use Twitter and the app Google Authenticator as an example.
- First, download the Google Authenticator app onto your phone. Then, on Twitter.com from a computer, click More → Security and Account Access → Two-Factor Authentication → Authentication App.
- From here, follow the steps on Twitter. You’ll be asked to use the Authenticator app to scan a QR code with your phone camera, which will link the app with your Twitter account and start generating security codes.
When you log in to Twitter, you’ll enter your user name and password and then open the Authenticator app to find the temporary code.
The big downside to using authenticators is that if you lose your phone or switch to a new one, it can be a pain to regain access to your accounts. Typically a site or app like Twitter will let you regain access to your account with a backup code. In Twitter’s two-factor authentication settings, one menu labeled “backup codes” will generate a code to let you log back in. Make sure to jot this code down and store it in a safe place.
This technique takes some time and mental bandwidth to set up properly and get used to, but it’s better overall. It’s much tougher for someone to hijack your device to see your security codes than it is to intercept a text message.
Security Keys
The third method — the use of a physical security key in the form of a USB stick that you insert into your computer or phone to log in — is the most secure of them all. We’re not likely to see this technique widely adopted because the key costs money, and if you lose your key, it can be difficult to regain access to your account.