Two-Factor Authentication on the Desktop
A new desktop app is streamlining the two-factor authentication process by providing users with two-factor access codes directly on their desktops.
Typically, users leveraging two-step authentication for sites like Google or Twitter must first type in their password, followed by an access token that has been sent to their mobile device. Through the new Authy for PCs app, however, users are able to access the second token directly from their computer screens. This enables them to copy and paste the codes from the app to the site, eliminating the need to manually type in codes. The Authy app is available free in the Chrome Web Store. That said, users can leverage the app to log in to their accounts on any browser (as long as Chrome has been installed).
“All of this was possible thanks to the recently released Chrome Apps framework,” the Authy blog states. “Using the Chrome Apps framework we were able to build a great multi-platform app that not only is very easy to install, but it also feels and looks native across different operating systems.”
Authy also addresses potential consumer concerns in its blog post. For instance, the company notes that it leverages a secure registration process that verifies users’ identities through cellphone numbers when they register a new device with the platform. Moreover, while two-factor authentication isn’t meant to protect users against device theft, Authy enables users to encrypt their local accounts by creating a master password. Plus, users can deactivate tokens through a different Authy device if their laptop is stolen.
Additionally, Authy comments on malware concerns, noting that on a computer infected with malware, using two-factor authentication through the desktop doesn’t put a user more at risk than using two-step authentication through a separate mobile device.
“Once you successfully log in to a site, your browser locally stores a unique identifier for your session, called a session cookie,” the Authy blog states. “This cookie is then used to inform the site on subsequent requests that you have already authenticated, so that the site doesn't ask you to log in again. What this basically means is that there's no point for the malware to steal your credentials or two-factor token when it can simply steal your authenticated sessions.”
Lastly, to fight against phishing attacks, Authy for PCs comes with Phishing Detection. To leverage this feature, users must also download the Authy Chrome Extension, which gives Authy the ability to access all active tabs in a user’s browser and verify the tabs against a whitelist of official URLs. This enables Authy to notify users of possible phishing attacks when they attempt to use an authentication token for a site that is not open in one of their tabs.
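
The tab check described above can be sketched as follows. This is an added example, not Authy's code: the allowlist contents, account names and function names are assumptions made for illustration.

```javascript
// Added illustration, not Authy's implementation. The allowlist entries
// and account names are constructed sample data.
const OFFICIAL_ORIGINS = new Map([
  ["google", ["https://accounts.google.com"]],
  ["twitter", ["https://twitter.com", "https://mobile.twitter.com"]],
]);

// Reduce a tab URL to its origin. Unparsable or non-HTTPS URLs yield
// null, so they can never match an allowlist entry.
function tabOrigin(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null;
  }
}

// Decide what to show when the user requests the token for `account`.
// verdict is "ok" when an official origin is open in some tab, "warn"
// when none is, and "unknown-account" when no allowlist entry exists.
function checkTokenRequest(account, openTabUrls, allowlist = OFFICIAL_ORIGINS) {
  const official = allowlist.get(account);
  if (!official) return { verdict: "unknown-account", matched: [], suspicious: [] };

  const matched = [];
  const suspicious = [];
  for (const raw of openTabUrls) {
    const origin = tabOrigin(raw);
    if (origin && official.includes(origin)) {
      matched.push(raw); // exact origin match: scheme, host and port
      continue;
    }
    // A tab that only mentions an official hostname (as a subdomain
    // prefix, in the userinfo part, or over plain HTTP) is a lookalike.
    const mentions = official.some((o) =>
      raw.toLowerCase().includes(new URL(o).hostname));
    if (mentions) suspicious.push(raw);
  }
  return { verdict: matched.length > 0 ? "ok" : "warn", matched, suspicious };
}
```

Comparing whole origins rather than searching the URL for a substring is what keeps addresses such as `https://accounts.google.com.login.example/` from passing as the official site.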