LastPass Authenticator also integrates with several sites owned by the password manager’s parent company, LogMeIn, to offer a similar type of one-tap login. The extension receives this information, provides it to the website, and the user is logged in. The user taps Allow on the phone, and a confirmation message is returned to the extension that includes the required 2FA code. It may all seem rather mysterious, but here’s what’s going on behind the scenes with one-tap logins on third-party sites. When a user logs in to a compatible site, the LastPass browser extension sends a push notification to the user’s phone, which alerts the user that a login is being requested. These one-tap logins are browser specific so if you one-tap log in on Chrome you will have to log in again if you use Microsoft Edge, for example. That means you must have a LastPass account, but a free one will do. To use one-tap notifications you must have the LastPass extension installed in your browser and enabled. One-tap logins work with LastPass itself, and also with five third-party sites including Amazon (not including AWS), Google, Dropbox, Facebook, and Evernote. LastPass has a video on YouTube demonstrating the feature. LastPass’s free authentication app uses a feature called one-tap push notifications that lets you log in to select sites on PCs with a click instead of entering codes. LastPass Authenticator: Runner up LastPass One notable exception is Steam, which provides a homegrown 2FA option in its mobile app.
Software optionsĪny service that supports the standard OTP 2FA approach will work with all of the apps below, and that includes most mainstream websites and services. The fact is, using a software- or hardware-based 2FA solution on a device you own is a great way to protect your account, and far better than simply using SMS. So while this study didn’t mention 2FA apps specifically, we expect the results would be the same as, if not better than, an on-device prompt. App-based two-factor authentication is similar in that the second step is generated on the smartphone itself. That’s not bad protection, but Google’s on-device prompt strategy (we’ll cover this later) was even better, blocking 99 percent of bulk phishing attacks, and 90 percent of targeted attacks. The trio found that SMS authentication blocked 96 percent of bulk phishing attacks, and 76 percent of targeted attacks trying to crack into your Google account.
In May 2019, Google announced a one-year study it did in partnership with New York University and the University of California, San Diego. That said, SMS authentication is still far better than nothing. If you decide to get your 2FA codes via SMS, for example, the code could potentially be intercepted by hackers, as researchers for Positive Technologies demonstrated in 2017.
0 kommentar(er)
