Do websites send you a text message to verify it’s you logging in? Well text authentication isn’t enough to keep your accounts secure

Just last week, Instagram confirmed reports that it’s modifying its account security setup to allow users to log in with passcodes from security apps, like google authenticator, instead of simpler text message-based codes. While this isn’t the sexiest of news, it’s great to see this practice growing in popularity: using a token-based app, rather than a text message, to authenticate into other apps and services.

You should be doing this whenever possible (and if you have no other option, at least use two-step authentication versus nothing). There are plenty of reports that have shown just how easy it is for a hacker to call up a cellular carrier, find an unsuspecting customer service agent, and pretend they’re you.

[Since companies are a huge target for hackers, we’ve been using google authenticator, duo and now yubi keys for years to help secure our systems and logins. You should too. Craig.]