I imagine some readers of this blog use an authentication app as part of a two-factor authentication process for various services. For a long time I have been using Google Authenticator (right) with some systems. I’d like to ask readers to please post a comment below if you use an authentication app, mentioning some of the services that you use it with.
My reason for asking readers to share their ways of using an authentication app is that I think I am probably coming nowhere close to getting all of the benefits that I could get from such two-factor authentication. There are probably systems that offer such two-factor authentication that I don’t know about and that I should make use of.
Google recently published a research paper titled “Security Keys: Practical Cryptographic Second Factors for the Modern Web” to quantify the benefits the company found in using two-factor authentication using a protocol called U2F. Google’s paper, which I suggest be read by everyone at the USPTO who has anything to do with EFS-Web or Private PAIR or Financial Manager, reviews the advantages and disadvantages of various ways of forcing users to identify themselves to online systems.
In particular, I am trying out a new approach, namely a dongle made by Yubico. This device, called the Yubikey Neo, which on a quick glance might be mistaken for a USB drive, is intended by its maker to offer more and better options for two-factor authentication. It is intended to provide all of the functions that an authentication app such as Google Authenticator would provide, and in addition to provide easier and more convenient ways for authentication using a protocol called U2F.
I have successfully used this new dongle to authenticate myself to several systems including WIPO’s ePCT system and to the server that hosts this blog. I’d be grateful if readers can comment below to mention systems for which they use an authenticator app. I’ll try out as many of these systems as I can, and I will post an article explaining how a dongle such as this can be used with such systems. I will review Google’s findings about such dongles and I will describe what I see as the pros and cons of such dongles.
Please comment below.