After several months of development and beta testing, our development team finalized the full feature version of Verigator, our 2FA app, which can be installed on your device through the Apple App Store or the Google Play store. At no cost, anyone can install Verigator and begin securing all their online accounts today. Frankly, there is no excuse to not be using 2FA on web services like Facebook, your email (Gmail, Outlook/Hotmail, Yahoo, etc.,) GitHub, Twitter, and more. Verigator’s simple UI makes it easy to add accounts and begin using time-based one-time passwords (TOTP) in addition to your username and password. You can find tutorials on enabling 2FA in your online services and adding them to Verigator right in the app (we’re continuously adding more tutorials –more on TurnOn2FA.com if you’re looking for something we don’t have yet.)
Turn on 2FA for my Facebook and Gmail account, why?
Well first, your password is likely weak and you’re probably using the same password across multiple services (most of us are guilty of it.) Second, there are over 4 billion usernames and passwords floating around the internet. Check haveibeenpwned.com to find out if you have fallen victim to breaches over the years –it’s likely you have, especially if you have used services like Adobe, Dropbox, LinkedIn, and Myspace (yes, Myspace matters here.) Lastly, if you’re not yet convinced, the number of breached credentials tracked through haveibeenpwned.com grew 1 billion since I began watching the site in May, so if you haven’t been pwned yet, how will you know when you are?
Time-based one-time passwords are a step up in security from SMS based two-factor authentication, as no data is transmitted, so there is no risk of having a PIN code intercepted. Verigator maintains a secret six-digit code for each online service that changes every 30 seconds, which is synced with the online service when you scan the QR code, or log into an online service that uses Messente’s two-factor authentication API. Only the Verigator install on your mobile device and the online service have the time-based code, and after you use it, it can’t be used again. If the online service is using our API, a push notification will be sent to you device if you’re on a data network, however, the PIN code itself is not transmitted as the push notification simply gets you to open Verigator or glance at the code without opening the app (we’re making it as easy as possible for everyone to turn on 2FA and start using it.)
Rundown of Verigator
Verigator’s user interface makes it easy to use, as it’s clean and intuitive, and we’re continuously improving on the app. However, here’s a bullet-pointed list of what to expect.
- Phone number verification for SMS backup, supported by online services using Messente’s API.
- Add the email address for an additional layer of security when needed.
- Automatic sync with our verification API.
- Push notifications when logging in –SMS simplicity with TOTP security.
- Backups are available for accounts using our Verification API.
- Minimal branding, with clean design, makes the app preferable for businesses.
If you’re running an online service and would like to improve security, contact us, and we’ll get you set up with our 2FA API.
Try Verigator and leave us a review in Google Play or the App Store