Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Expand
titleTABLE OF CONTENTS
Table of Contents

English | Deutsch


What is an authenticator app?

An authenticator app takes security a step beyond passwords and traditional sms/mail based two-factor authentication (2FA) for your EFS account. The app uses an automatically generated secret keys and the current time to create a unique codes using the TOTP algorithm. It’s more secure than ordinary 2FA because it doesn’t use a message that someone could intercept in a man-in-the-middle attack.
To break into an account secured with an authenticator app, an attacker would require access the user’s secret key and the encryption algorithm. Since it’s very difficult to do so, authenticator apps are among the most secure login methods available today.

How does an authenticator app work?

The secret key generated by EFS is stored in both the app and EFS. When you log in to EFS, EFS will ask you to provide a one-time code from the authenticator app, which uses the stored key and the current time to generate the one-time code. After entering the code into the code field and submitting the form, EFS will confirm the code by validating it against the stored key in EFS and after your identity is successfully confirmed, you will be logged into EFS. Since the identical codes are generated independently, it’s very difficult for someone to steal them. Also, EFS provides replay-protection, so even if the code is not expired yet, it cannot be used again to log into EFS after you have successfully used it.

Recommended authenticator apps for use with EFS

Here is a list of our favourite authenticator apps, which we use for daily work. Our focus is on well known brands, ad-free and simplicity. Of course you can use any other authenticator app, which implements the TOTP algorithm, however please pay attention to the author, downloads and user feedback counts to be sure that the author is trustworthy and the app is safe to use.

There are also add-ons for browsers or operating systems that allow you to perform TOTP authentication without a cell phone.

Google Authenticator App

Googles Authenticator App was one of the first authenticator apps. It’s a simple and easy to use app with only a list of accounts and a search box. One major flaw (or advantage) with Google Authenticator is that, if you lose or factory reset your phone, there’s no way to transfer the app’s data to a new device if you have not exported the list beforehand, because the App is not using cloud storage for backup.

Microsoft Authenticator App

This App also comes with a passwords manager, that can generate and store your passwords on the phone or sync with your MS Edge browser. You can enable cloud sync to backup your accounts in case you reset or lose your phone.

2FA Authenticator (2FAS)

Fast Authenticator App, similar to Google Authenticator with the added bonus of Cloud backup and you can organise your accounts in folders

Authy

Another user favourite is Authy, with cloud backups and multi-device features.