Two Factor Authentication Article

[Sajo]

This was in my morning Google News Feed and thought it was worth while to share here.

Two-factor authentication is a mess

Sent from my XT1650 using Tapatalk

 

[me just sayin]

I only use two factor authentication on lastpass. it would be a pain to have it on all of my different online accounts. as far as what the article says, I am not technical enough to worry about any risks.

 

[kodiak799]

I use it for my Google account and a few others I've been forced onto. Google authenticator works pretty well, but quickest and easiest is just a text code to my Google Voice account.

LOL, bank we use for our HOA sent us key fobs for two-factor use - if it were just my personal account I would drop them.

I've thought about about one of those cryptokeys plugged into the USB port - wish they could just check if my watch is linked to my PC via bluetooth. Of course, the problem as mentioned in the article is if I lose that key, then I need some sort of recovery method (which generally appears to be vulnerable).

 

[Sajo]

I use it on every app & website that offers it (Google, Amazon, PayPal, my bank, etc., etc.). Even though SMS text may be considered the least preferable Two factor option that's what almost everything uses that I have seen, and the apps & websites I use it with. I figure a text with a code is still an extra layer of protection, seems good enough for my needs. Hackers would need my specific password for that site / app and would have to intercept my texts or hack Verizon to get my access code.

 

[kodiak799]

Hackers would need my specific password for that site / app and would have to intercept my texts or hack Verizon to get my access code.

It seems like sorcery that a hacker could intercept my phone code, then go hack my account and re-direct the login notification before it hits my phone and email. I'm still getting an email with account access, which is actually a third piece they'd have to hack to prevent my knowing.

I'd think it's an easier play to find answers to someone's secret questions, either thru research or compromising a less secure or trivial site....because the "secret questions" seem to be mostly the same everywhere that uses them.

 

[me just sayin]

It seems like sorcery that a hacker could intercept my phone code, then go hack my account and re-direct the login notification before it hits my phone and email. I'm still getting an email with account access, which is actually a third piece they'd have to hack to prevent my knowing.

I'd think it's an easier play to find answers to someone's secret questions, either thru research or compromising a less secure or trivial site....because the "secret questions" seem to be mostly the same everywhere that uses them.

there is always that possibility that something could happen but imo, it is a slim chance that someone will have access to your account if they do not have access to your two factor at this time.

as far as the secret questions, they got to have access to one of your accounts if they answer the secret questions right in order to reset your password.

 

[Sajo]

This is not specifically related to Two factor Authentication, but is an interesting article about passwords.

Best practices for passwords updated after original author regrets his advice

 

[kodiak799]

This is not specifically related to Two factor Authentication, but is an interesting article about passwords.

Best practices for passwords updated after original author regrets his advice

Interesting. I suppose you could roll the dice and use the same ID and password (like that one) everywhere and change when alerted to a hack. But otherwise still too many ID's and password/phrases to remember.

I've been thinking about getting a Ubikey for two-factor authentication - plug it in the USB slot of my PC and forget about it.

 

[me just sayin]

I thought about a usb key but the way I lose things, I decided I better not.

 

[kodiak799]

I thought about a usb key but the way I lose things, I decided I better not.

That's why I'm looking at one of the Ubikeys - it's a half-size SD card, so it sits flush in the laptop slot. Plug it in and forget about it. But before I shell out $50 I'd want to know it's compatible with all my banks (probably not). Works with LastPass and other password managers, though, so that would probably be enough with complex generated passwords.

There's also software (Sesame) that will do this with an SD card for $15-$20, I think...not sure if that's a Lastpass exclusive app or not. I have a spare micro sd, I'd just need to buy a half-size card adapter (damn you ultrabooks for taking away the full-size SD slot!!!!).

 

[me just sayin]

That's why I'm looking at one of the Ubikeys - it's a half-size SD card, so it sits flush in the laptop slot. Plug it in and forget about it. But before I shell out $50 I'd want to know it's compatible with all my banks (probably not). Works with LastPass and other password managers, though, so that would probably be enough with complex generated passwords.

There's also software (Sesame) that will do this with an SD card for $15-$20, I think...not sure if that's a Lastpass exclusive app or not. I have a spare micro sd, I'd just need to buy a half-size card adapter (damn you ultrabooks for taking away the full-size SD slot!!!!).

I will just stick with lastpass - unless they raise the price again.