Which Form of Two-Factor Authentication Should I Use?

Two-factor authenticationis one of the most important ways to protect your accounts.

We decided to look at the most common methods and rank them by how secure they really are.

If you have the option, consider switching to something else now.

Authentication appslikeour favorite, Authyturn your phone into the something you have without involving anyone else along the way.

This has a number of advantages over SMS and email.

Theres no email provider, no cell carrier, or any other middle-man.

Still, these apps pose a few minor risks.

Just tap Yes, thats me and youre good to go.

CurrentlyGoogleandBlizzardare the two biggest names working on this method.

Blizzard will show you a code on your phone and ask if it matches the one on your rig.

Its the same tech as authenticator apps you probably use already, just simplified.

Security Rating:4/5: More secure than SMS and email, but new and largely unsupported.

This is a bit safer than SMS codes, but they still suffer from some weaknesses.

For starters, your email provider becomes a weak link.

If someone can gain access to your email account, they can get your 2FA codes directly.

Email also suffers from many of the same user-generated problems that SMS codes do.

For example, how many devices and apps currently have access to your email account?

For most, this probably includes a phone, a laptop or desktop, and maybe a tablet.

You might also use third-party services that have access to your emails.

Email is slightly more secure than SMS, but only just.

If you might use something else, youre probably better off.

Security Rating:2/5: Better than SMS if you have no other choice, but still not ideal.

Put simply, 2FA assumes that you get the codes on a equipment that only you control.

SMS as a protocol simply cant guarantee this.

All of these methods are difficult, but theyre easier than breaking other 2FA methods.

Those are just the risks inherent to SMS.

Some carriers still supportsending and receiving SMS from your email account.Pushbulletandeven Windows 10can mirror your messages to another computer.

Security Rating:1/5: Only use if no other 2FA method is available.

These arent theonlymethods available.

Remember, theres no perfect solution when it comes to security, but some methods are better than others.

Were still trying to get most sites toenable two-factor authentication at all, much less to use thebestmethod.