Two-Factor Authentication and Aegis Authenticator

Two-factor authentication (2FA) is a common, effective and easy-to-implement method to improve online security. It involves adding a further factor to the authentication process so that, even if someone manages to get hold of your user ID and password, they still can’t get into your account.

In Belgium, we have the well-established itsme which provides an additional layer of security for online banking, government services and a whole range of online activities. There is also the much newer, and largely ignored, myID, for which I have yet to find a use.

There are also a variety of authentication apps that can be installed on your mobile phone. Once set up, these will continually generate a (usually) 6-digit passcode that you need to enter when logging in to the protected website.

When I started using 2FA (outside of itsme), I went with the first authenticator app that I found, which was, inevitably enough, Google Authenticator. It is certainly very easy to use and does make it very easy to get started. There are a couple of things about which I have become increasingly unhappy.

The first of these is that it’s a Google product, and because I don’t like being overly dependent on a small number of very large companies, I tend to seek alternatives when I can. More seriously, Google Authenticator appears to lack any sort of backup option, which is problematic.

So, after looking around for a bit, I have settled on Aegis Authenticator, which is a much more security-focussed authentication app.

For a start, it does support backups. Not only am I able to back up my vault to my own server, but the app also supports Native Android backups, so I could just switch it on and forget about it. I also like the fact that you actually need to sign in to the app, either with a fingerprint or other biometric option, or with a password.

And the app manages to remain remarkably straightforward to use. I think I will be sticking with this one.

Of course, 2FA is not a panacea, but it is a big improvement on relying on just a password, and if you can use it, you really should.

And on that note, I should point out that WordPress supports Two-Step Authentication, and you can set it up from the Security Tab on your Profile settings.