Two-factor authentication is a powerful security feature that improves the security of online accounts significantly when set up. It will be replaced with passkeys eventually, but this is not going to happen overnight.
Two-factor authentication adds a second security layer to the sign-in process. Users receive or generate a code, which they enter on the site or in the app.
Several of the most popular two-factor authentication methods require a mobile device. There is the option to receive text messages with the code or authenticator apps, which users need to install and set up on their mobile devices.
While most Internet users do have access to a smartphone for that, there are situations where using a phone may not be an option.
- The smartphone is not available, e.g., it has been misplaced or was stolen.
- Regulations may require “more secure” methods.
Using 2FA without a mobile device
There are two main options when it comes to using two-factor authentication without mobile devices. Assuming that a computer is used, as two-factor authentication without a mobile device and computer would make little sense, the following two options are available:
- Installing an authenticator app directly on the desktop computer or notebook.
- Using a security key.
The selection of authenticator apps for desktop operating systems is limited when compared to the abundance of authenticator apps for mobile devices. Still, there are some that users may install.
Most solutions target businesses and not individual users, though.
The second option that is available is provided via security keys. These are physical devices that are either connected to the device directly, e.g., via USB, or via methods such as NFC or Bluetooth.
Yubico’s Yubikey 5 series alone comes in several different flavors, from basic options that are connected to a device using USB to devices that support multiple connection options and work on desktop and mobile devices alike. The company has a short quiz on its website that suggests a product based on a few answers.
Yubico is not the only manufacturer of security key solutions. Google has its Titan Security Keys, which also come in different flavors, and Thetis maintains a range of security key solutions as well.
Security keys for individuals come at a cost, while authenticator apps are free to use. Most security keys offer more options than authenticator apps, as they may support more services and protocols besides creating one-time passwords for services.
Whether a desktop authenticator app or a security key is the right choice depends on individual requirements. It depends on the operating system, the number of devices, and several other factors.
If just a desktop or notebook is used, authenticator apps may be fully sufficient when it comes to two-factor authentication. Security keys are the sophisticated solution, they may be carried around, and support additional protocols and options, including the ability to use them with smartphones.
Now You: authenticator apps or security keys, which do you use and why?