Reading time: 4 min
When validating investments and signing contracts on Crowdestate, it’s smart to keep things secure. To do this, we ask our users to enable two-factor authentication by providing us with a phone number or by signing up for Google’s Authenticator service. This allows us to keep your projects safe and make sure the only person making decisions about your money is you.
However, we do have a preference when it comes to keeping your Crowdestate account secure: Google Authenticator. Want to know why? Have a read below. We’ll run down what it is, why it works, and how to get started using it.
Google Authenticator: what is it?
Google Authenticator is an application that uses two-step TOTP and HOTP password algorithms to verify and authenticate user accounts. This may sound complicated, but the process is simple and highly secure.
When you validate an investment on Crowdestate using Google Authenticator, our site and the Authenticator app on your phone independently generate the same one-time, six-digit password. We then ask you to enter the password visible in the Authenticator app to authenticate the process.
Why is Google Authenticator better than sending an SMS for investing?
You may be wondering why we prefer the Authenticator app to send an SMS for investing, as the two processes are quite similar. The simple answer is that sending an SMS is open to a number of easy security breaches, while the Google Authenticator app is not.
Hackers can access phone numbers through online databases and data leaks, and from there it’s just a step away to porting your phone number to a new device and posing as you. There are even weaknesses in telecom systems that have allowed hackers to carry out SS7 attacks, allowing them to listen to calls and intercept text messages, which could include sensitive information sent via SMS.
The Google Authenticator, however, doesn’t rely on your carrier or phone number, and every temporary code it generates stays within the app. It even works offline. This can come in handy when travelling abroad, as you’ll never have any issues receiving a code. Not to mention that the process is both faster and safer than sending a text.
How can I set up the Google Authenticator?
Setting up a Google Authenticator app on your phone is easy. Just follow these steps:
VIDEO INSTRUCTIONS HERE.
- Download the Google Authenticator app.
- Download a barcode scanner if you don’t have one already.
- Use your browser to open the Google Security page.
- Click on 2-Step Verification.
- Follow the steps to reveal a QR code.
- Open the Google Authenticator app.
- Scan the QR code from your browser then click “Next.”
- Enter the code you see in the Google Authenticator app and click “Verify.”
- That’s it. You’re done!
Setting up Google Authenticator on your Crowdestate account:
- Log in, go to ‘My Profile’ and ‘Validation and contract signing method’.
- Press on ‘Enable two-factor authentication’.
- Take your phone, open Google Authenticator, press on + and scan QR code.
- Enter the code from the app (above Crowdestate) and ‘Activate’.
We recommend taking a screenshot of each of your security codes, as you never know when they might come in handy.