Skip to the main content.

Our client portal provides all the tools you need to create, view or update your support requests. 


For urgent IT support during business hours, or if you suspect anything suspicious call  01314528444 for the fastest response.


If one of our team has asked you to start a remote control session on your computer, use the remote control menu option above.

4 min read

Is it safe to put my work authenticator app on my personal phone?

Can you safely add authenticator apps for work accounts to your personal phone. We think you can and here's why.

 

Background

Protecting your online accounts is more crucial than ever. Authenticator apps are among the most effective tools for boosting security. The UK's National Cyber Security Centre highly recommends their use. Nonetheless, many individuals have reservations about integrating work accounts into authenticator apps on their personal devices. Let’s explore what authenticator apps are, how they function, and address common privacy and security concerns.

If you don't wish to read further, the key point is that they are secure and there's no need for concern. In fact, if you haven't already set one up for your personal accounts, you should consider updating your security settings promptly. Check for MFA or 2FA in your account settings.

 

What are authenticator apps?

Authenticator apps are simple, self-contained mobile applications that generate time-based one-time passwords (TOTPs) or verification codes used for multi-factor authentication (MFA).

Popular examples include:

  • Google Authenticator
  • Microsoft Authenticator
  • Authy

These apps add an extra layer of security to your online accounts by providing a second form of verification in addition to your password that cyber criminals can't easily get hold of.

 

How do authenticator apps work?

Authenticator apps generally work on a very simple three stage process. 

  1. QR Code for this pageSetup MFA: When you enable MFA on an account, you’ll typically be asked to scan a QR code with your authenticator app. This QR code contains a secret key that the app uses to generate verification codes. The service you're trying to log into stores the same secret key against your account on their own servers in an encrypted format so that it's unreadable to anyone else including the staff at the service you're trying to log into.
  2. Generate a Code: The app uses the secret key and the current time to generate a unique, time-sensitive code (sometimes called a Time-based One Time Password, or TOTP). These codes usually refresh every 30 seconds.
  3. Verify the Code: When you log in to your account, you’ll enter your password as usual. Then, you’ll be prompted to enter the code from your authenticator app. The service will match what you enter against its own generated code and if they match you are granted access. Only someone with access to both your password and the current code can log in.

Because the app is essentially just a number generator that uses a secret key as a seed to generate codes they aren't actually 'linked' to accounts. They're not really connected to your account, they just store the same key as your account.

 

Interactive app authentication

authenticator app notification

Some services have streamlined the process slightly to save you having to manually enter a 6 digit code. 

These service's servers store your authenticator's ID so that it can communicate with it by sending notifications to your phone asking you to take action.

This is why you will sometimes see your authenticator app pop up on your phone asking you to unlock it and enter a code, or select a number from a selection of three options.

In this case, the app is communicating with the server directly but isn't linked to any data in your account or on your phone. The self-contained app sends your response to the server to save you having to type out a 6 digit number. 

 

Why are authenticator apps safer than other forms of MFA?

Historically MFA (sometimes referred to as two-factor authentication or 2FA) relied on sending either an email or an SMS to you. Both of these forms of communication are interceptable by cyber-criminals and so aren't as secure as an authenticator app.

The app knows the secret key that only the other server knows. there is nothing communicated between them that is interceptable and useable by a criminal.

Additionally, over and above security, apps are also more reliable as they do not rely on mobile phone coverage to receive an SMS. Many of us have experienced the pain of needing to log into a cloud-service but not being able to receive the SMS code before authenticators were created.


Privacy Concerns

One common concern among people is the fear that adding a work account to their personal phone might allow their IT department to access their personal information. Let’s address this concern in detail:

  • Separation of Data: Authenticator apps do not have access to your personal data. They only generate verification codes based on the secret key provided during setup. The app itself does not store or transmit any personal information.
  • Limited Permissions: When you install an authenticator app, it typically requires minimal permissions. It does not need access to your contacts, messages, or other personal data.
  • No IT Access: Adding a work account to your authenticator app does not grant your IT department access to your personal phone. The authenticator app functions independently and does not provide any backdoor into your device.
  • Control and Transparency: You have full control over the authenticator app. You can see exactly what accounts are added and can remove them at any time. This transparency ensures that you know exactly what the app is doing.

 

Best Practices for Using Authenticator Apps

In addition to simply using an authenticator, there's some best practice guidance and advice that we'll share to make sure that you get the most out of using authentication apps.

  • Create Backup Codes: When setting up MFA, always save the backup codes provided. These can be used if you lose access to your authenticator app.
  • Set App Security: Use a strong password or biometric lock for your phone to prevent unauthorised access to your authenticator app.
  • Perform Regular Updates: Keep your authenticator app updated to benefit from the latest security features and improvements.

 

Conclusion

Authenticator apps are a powerful tool for enhancing the security of your online accounts. They provide an additional layer of protection that is both effective and easy to use. While it’s natural to have concerns about privacy, it’s important to understand that these apps are designed with security and user control in mind. By using an authenticator app, you can significantly reduce the risk of unauthorised access to your accounts without compromising your personal privacy.

 

Next Steps....

If you would like assistance with setting up authenticator apps, multi-factor authentication or any other cyber security initiatives, get in touch with your team of experts today.

Find out more

Get in touch with us for a chat about how we you could increase your organisation's cyber security.

How to demonstrate compliance with data security regulations

How to demonstrate compliance with data security regulations

Effective Password Management In this, our final blog in this series on how passwords help you protect your most important business data, we look at...

Read More
What is app fatigue & why is it a security issue?

3 min read

What is app fatigue & why is it a security issue?

The number of apps and web tools that employees use regularly continues to increase. Most departments have about 40-60 different digital tools that...

Read More
How to protect your online accounts from being breached

How to protect your online accounts from being breached

Stolen login credentials are a hot commodity on the Dark Web. There’s a price for every type of account from online banking to social media. For...

Read More