Protecc - article in progress
article and header design by @anma_fan
Protecc—a simple yet powerful 2FA client
Ever hated setting up two-factor authentication (2FA) for your accounts? These days, security is undeniably the most crucial part of everyone's daily use of technology. This also applies to your online accounts, where 2FA is the global standard for enforcing a secure and safe authentication method.
Hear me out: have you ever felt the pain of setting up 2FA? All it takes is a 2FA client, it's that simple, no? Well, unfortunately it might not be as simple as you think.
2FA becoming the global standard in today's scenarios—smart yet painful
Getting into the world of 2FA
Now we're getting into the problems we're looking for a solution to. What's the big deal about setting up such a thing for the sake of security? For starters, people will surely look for something that gives them an advantage in terms of account security. I mean, who ever wanted their accounts hijacked by unethical black hats? Some might just ignore this issue since they believe that a strong password is enough.
Slow down, bro. You might have already set an extremely strong 128-character password, even (apologies for the sarcasm, intentional joke). But do trust me: once the service you're using has its servers compromised, your insanely long password is nothing. They could get it in the blink of an eye.
Get it now? Onto the next one: the 2FA pains. Some companies use one-time password (OTP) verification via SMS or email. They may also offer Time-based One-Time Password (TOTP) as an alternative verification method, in which unique numeric passwords are generated with a standardized algorithm that uses the current time as an input. The time-based passwords are available offline and provide user-friendly, increased account security when used as a second factor.
Huge companies making use of 2FA methods to secure their users' accounts
The pains of setting up TOTP
Not familiar with how TOTP works? It's pretty straightforward and easy to set up. It can be painful, though, since it requires a TOTP client to generate your temporary one-time password using specific algorithms.
Doesn't sound like an issue to you? Well, for some people it might be nothing to worry about, but here are the common pains of setting up TOTP, based on experiences from users all around the web (and mine too, of course).
- Availability. While it seems as simple as installing a TOTP client, the availability of clients that are functional and trustworthy is very limited. Google Authenticator is a pretty decent solution, and it has the ability to synchronize your TOTPs between your devices, but it's limited to mobile devices only. Personally, I'd say I rely on my PCs more than my mobile ones. Picking up the phone just to have a quick peek at my TOTPs seems irrelevant enough.
- Trustworthiness. There aren't many trusted companies developing 2FA clients on the store currently, leaving us with very few options. There are a bunch more from third-party developers, but they might not be as secure as you think. The apps themselves look odd, are hard to use and are not really well made.
- Ease of use. Some developers crafted their TOTP clients very carefully, giving meticulous attention to the details. These are very limited, though. Authy, for example, one of the most trusted TOTP clients, has a very weird and outdated UI and navigation, which might be hard for some untrained eyes despite the app being extremely functional.
This is Protecc
Thankfully, we've got a cure for this pain.