Authenticator Apps Can Protect You from SIM Swapping

We hate taking extra steps, especially if we think they’re complicated. But with the rise of SIM swapping, you might want to bite the bullet and get used to using an authenticator app.

The benefits of using an authenticator app for 2FA were illustrated by the problems of a new client who was victimized by a SIM swap of their phone number. The SIM swap caused untold problems, and untangling them meant working from hard-to-find phone records.

Again, just to recap from last month, SIM swaps happen when a bad actor is able to convince a carrier that they’re you and that you need to transfer your phone number to a new device. While the bad actor has your phone number hijacked, you lose your cellular service. You can’t make or receive phone calls or send or receive texts. If it happens for a short time and you’re not using your phone, you’ll never know it happened. If you’ve set up a form of 2FA that involves getting a code through a text message, you’ll never know about that, either.

An authenticator app is different. It uses a Time-Based One-Time Password (TOTP) algorithm to generate unique, time-sensitive codes for 2FA. The apps are set up on a mobile phone, and the process can be difficult for some. We suggest professional help to avoid untimely problems down the road.

When you link the app to an online service by typing in a link from a computer or a phone, both the app and the service’s server use a shared secret key and the current time to independently generate the same time-sensitive codes. When a user logs in, they enter the code from the app, which the server verifies by comparing it to its own generated code. The verification code almost always shows up on your cell phone, and the authenticator app automatically regenerates the code every 30 seconds.

The key point here is that the authenticator app is tied to your device, not your phone number. So, if the bad actor tries to enter a website or app link that uses an authenticator app, they will not see the code. It will come to your device. If you don’t recognize the reason for that code being sent, it’s a big, bright flag that someone may have hijacked your phone number or breached your security in some way.

Of course, the website or online app being accessed must offer an authenticator app as a security measure. More of them are offering it, and you should take advantage of it wherever you can. If you’re on your computer, you need to have your phone handy, and if you’re using your phone, it will take a little juggling. But it’s well worth the effort.

We can help you set up Microsoft Authenticator or any other authenticator app. Call us – 973-433-6676 – or email us to learn more about the app and get help setting it up.
