0

The USPTO has two-step authentication: recommended applications comprise:

  • Google Authenticator
  • Microsoft Authenticator
  • Oracle Authenticator

Assume that I use my Gmail address as the USPTO username. What considerations / questions should I ask myself when choosing an authenticator?

gatorback
  • 1,541
  • 2
  • 12
  • 17
  • 3
    To the people voting to close this question as off-topic for product recommendations: This question does **not** ask: "Which of these is better?". The question asks "What should I look for when picking an authenticator?", and those questions are absolutely on-topic. –  Oct 09 '19 at 14:52
  • We do not have visibility into their organizations to determine who has better security. All of them are technically sound (according to their documentation, anyway), so the question comes down to which organization is protecting their infrastructure the best---something we cannot really know. Look at the features, usability, and supported platforms to make a decision. – DoubleD Oct 09 '19 at 20:09
  • @DoubleD Please consider posting your response as answer, instead of a comment. – gatorback Oct 10 '19 at 02:14

1 Answers1

1

I don't think there is really anything we as a group can do to contrast those in terms of security of the app out-of-hand, since they're at least all reputable organizations(though hey, maybe someone here has actually tested them, who knows!), so all other things being equal there's only really one question I can think of:

  • Which auth app will incur the smallest expansion of my digital footprint?

i.e. "Which app's use least results in my data being sent to new locations/entities?"

In the case of the USPTO, with a gmail account as username, we can assume that 2 entities by necessity know your gmail address(USPTO+Google), and 1 entity definitely knows you have a USPTO account, with another (Google) being extremely likely to learn it as soon as you get an account creation verification email.

So in this case, the minimal number of entities who know about you is 2. This is before we choose an authenticator app.

Without recommending a tool, I will say that it seems clear to me which choice would not involve informing an additional entity about one or more pieces of information (i.e. that you have a USPTO account and/or your gmail address)...

Angelo Schilling
  • 681
  • 3
  • 11