The low-down on 2FA

2FA stands for two-factor authentication and acts as a second layer of account protection. While there are a variety of 2FA methods, hardware tokens and authenticator applications like Authy rank among the most secure.

Authy Push Authentication vs. SMS — what’s the big deal?

The SMS method sends authenticator codes via text message. While SMS provides more security than a password alone, it can leave your account vulnerable to SIM swap attacks.

Authy Push Authentication generates an RSA key pair on your mobile device, and then sends the public key to Authy’s servers. When you Approve or Deny an authentication request on your phone, Authy can cryptographically verify that the response came from you and that it wasn’t modified in transit.

Demonstration of how Push Authentication works (image supplied by Authy).

This is superior to the more common TOTP/HOTP 2FA method that requires you to enter a code generated by an authenticator application. TOTP/HOTP, while more secure than SMS, is still vulnerable to man-in-the-middle attacks; Push Authentication largely eliminates this vulnerability using public key cryptography.
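The sign-and-verify exchange behind Push Authentication, sketched in Node.js as an added example (not Authy's code, API or wire format). The function names, the request ID and the JSON payload layout are assumptions made for illustration; only the RSA key pair on the device and the public key on the server come from the description above.

```javascript
// Added illustration with constructed names and values; not Authy's API or wire format.
const nodeCrypto = require('node:crypto');

// Device, at enrollment: the key pair is created on the phone and only the
// public key is sent to the server.
function enrollDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Server: every authentication request gets a fresh random ID (assumed design).
function newRequest(action) {
  return { requestId: nodeCrypto.randomBytes(16).toString('hex'), action };
}

// Bytes that get signed: request ID, the action shown to the user, and the decision.
function payload(request, decision) {
  return Buffer.from(JSON.stringify([request.requestId, request.action, decision]));
}

// Device: the user taps Approve or Deny and the phone signs that decision.
function respond(privateKey, request, decision) {
  const signature = nodeCrypto.sign('sha256', payload(request, decision), privateKey);
  return { requestId: request.requestId, decision, signature };
}

// Server: true only if the enrolled key signed this decision for this pending request.
function isAuthentic(publicKeyPem, pending, response) {
  if (response.requestId !== pending.requestId) return false;
  if (!['approve', 'deny'].includes(response.decision)) return false;
  return nodeCrypto.verify('sha256', payload(pending, response.decision), publicKeyPem, response.signature);
}

function demo() {
  const device = enrollDevice();
  const first = newRequest('login from new browser'); // constructed sample request
  const denied = respond(device.privateKey, first, 'deny');
  const flipped = { ...denied, decision: 'approve' }; // decision altered in transit
  const second = newRequest('login from new browser');
  // An approval signed for the first request, relabelled for the second one.
  const replayed = { ...respond(device.privateKey, first, 'approve'), requestId: second.requestId };
  const forged = respond(enrollDevice().privateKey, first, 'approve'); // signed by a key that was never enrolled
  return {
    genuine: isAuthentic(device.publicKeyPem, first, denied),
    flipped: isAuthentic(device.publicKeyPem, first, flipped),
    replayed: isAuthentic(device.publicKeyPem, second, replayed),
    forged: isAuthentic(device.publicKeyPem, first, forged),
  };
}

console.log(demo());
```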