We love two-factor authentication, and we love services that make our text messages accessible from our computers. However, if you don’t want anyone else — a snooping spouse, child, parent, or most importantly, a laptop thief — getting hold of your private information, you might want to alter how you use two-factor authentication.
Photo by MIKI Yoshihito
Two-factor authentication is one of the best forms of password security, but if you use services like Yosemite’s new Text Message Forwarding with iOS 8.1 or MightyText on Android, you should make sure you’re not using SMS as your second step in the authentication process.
Anyone who has access to your computer will be able to see the second step — the verification code — from your computer, whether they have your phone or not. Instead, use a USB key or our favourite authentication app for Android and iPhone, Authy, to generate a code from your phone, and disable SMS as your second step. Authy can even hide the codes behind a PIN for extra security.
Beware two-factor authentication using SMS forwarding [The Unofficial Apple Weblog]