Two-factor authentication: How to do it in a secure and usable way

    If you are like me and enable two-factor authentication (2FA) in every service where it's possible, and you use several of these services each day, you might have faced the problem of entering 2FA codes manually. The usual process is to use an authenticator application (Authy, Google Authenticator, etc.) installed on your phone and, when required, manually type in the code shown in the app. When you have to do this several times a day, it becomes cumbersome and time-consuming. But don't worry, there is a better way to do this!

    As you might already know, you should use a password manager to manage your service-specific passwords. This way you can have a long, random password for each service you use, and you only have to remember one password: the one you use to log in to your password manager :) What most people don't know is that your password manager may also be able to handle 2FA.

    Here's how I'm doing it. I'm using two applications to store my 2FA codes: Authy on my phone and 1Password on my computer. When I'm setting up 2FA on the service in question, I just scan the QR code into both Authy and 1Password and then also save the 2FA backup codes to 1Password. With Authy I have a backup of the 2FA codes if I somehow mess up the 2FA code in 1Password. And with 1Password I get the ease of use of automatically filling in the credentials when logging in to a service. When you automatically fill in the login credentials, 1Password copies the 2FA code to the clipboard so that you can just paste it when it's asked for. Simple as that :) You can find the instructions on how to do this in 1Password here: https://support.1password.com/one-time-passwords/#save-your-qr-code

    Happy account securing! :)

    Ilari Mäkelä


    Hämeenlinna, Finland
