Two Factor Authentication Article

Discussion in 'Off Topic Forum' started by Sajo, Jul 11, 2017.

  1. Sajo

    Sajo Diamond Member

    Joined:
    Jan 25, 2013
    Messages:
    11,362
    Likes Received:
    7,094
    Trophy Points:
    1,863
    Location:
    Tennessee
    Ratings:
    +7,604
    Current Phone Model:
    Moto Droid Z Force
    This was in my morning Google News Feed and thought it was worth while to share here.

    Two-factor authentication is a mess

    Sent from my XT1650 using Tapatalk
     
    • Like Like x 3
  2. me just sayin

    me just sayin Gold Member

    Top Poster Of Month

    Joined:
    Jun 7, 2017
    Messages:
    2,322
    Likes Received:
    952
    Trophy Points:
    348
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +1,025
    Current Phone Model:
    Note 8
    I only use two factor authentication on lastpass. it would be a pain to have it on all of my different online accounts. as far as what the article says, I am not technical enough to worry about any risks.
     
  3. kodiak799

    kodiak799 Gold Member

    Joined:
    Feb 20, 2010
    Messages:
    6,000
    Likes Received:
    774
    Trophy Points:
    258
    Ratings:
    +941
    I use it for my Google account and a few others I've been forced onto. Google authenticator works pretty well, but quickest and easiest is just a text code to my Google Voice account.

    LOL, bank we use for our HOA sent us key fobs for two-factor use - if it were just my personal account I would drop them.

    I've thought about about one of those cryptokeys plugged into the USB port - wish they could just check if my watch is linked to my PC via bluetooth. Of course, the problem as mentioned in the article is if I lose that key, then I need some sort of recovery method (which generally appears to be vulnerable).
     
  4. Sajo

    Sajo Diamond Member

    Joined:
    Jan 25, 2013
    Messages:
    11,362
    Likes Received:
    7,094
    Trophy Points:
    1,863
    Location:
    Tennessee
    Ratings:
    +7,604
    Current Phone Model:
    Moto Droid Z Force
    I use it on every app & website that offers it (Google, Amazon, PayPal, my bank, etc., etc.). Even though SMS text may be considered the least preferable Two factor option that's what almost everything uses that I have seen, and the apps & websites I use it with. I figure a text with a code is still an extra layer of protection, seems good enough for my needs. Hackers would need my specific password for that site / app and would have to intercept my texts or hack Verizon to get my access code.
     
    • Like Like x 1
  5. kodiak799

    kodiak799 Gold Member

    Joined:
    Feb 20, 2010
    Messages:
    6,000
    Likes Received:
    774
    Trophy Points:
    258
    Ratings:
    +941
    It seems like sorcery that a hacker could intercept my phone code, then go hack my account and re-direct the login notification before it hits my phone and email. I'm still getting an email with account access, which is actually a third piece they'd have to hack to prevent my knowing.

    I'd think it's an easier play to find answers to someone's secret questions, either thru research or compromising a less secure or trivial site....because the "secret questions" seem to be mostly the same everywhere that uses them.
     
    • Agree Agree x 2
  6. me just sayin

    me just sayin Gold Member

    Top Poster Of Month

    Joined:
    Jun 7, 2017
    Messages:
    2,322
    Likes Received:
    952
    Trophy Points:
    348
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +1,025
    Current Phone Model:
    Note 8
    there is always that possibility that something could happen but imo, it is a slim chance that someone will have access to your account if they do not have access to your two factor at this time.

    as far as the secret questions, they got to have access to one of your accounts if they answer the secret questions right in order to reset your password.
     
  7. Sajo

    Sajo Diamond Member

    Joined:
    Jan 25, 2013
    Messages:
    11,362
    Likes Received:
    7,094
    Trophy Points:
    1,863
    Location:
    Tennessee
    Ratings:
    +7,604
    Current Phone Model:
    Moto Droid Z Force
  8. kodiak799

    kodiak799 Gold Member

    Joined:
    Feb 20, 2010
    Messages:
    6,000
    Likes Received:
    774
    Trophy Points:
    258
    Ratings:
    +941
    Interesting. I suppose you could roll the dice and use the same ID and password (like that one) everywhere and change when alerted to a hack. But otherwise still too many ID's and password/phrases to remember.

    I've been thinking about getting a Ubikey for two-factor authentication - plug it in the USB slot of my PC and forget about it.
     
    • Like Like x 1
  9. me just sayin

    me just sayin Gold Member

    Top Poster Of Month

    Joined:
    Jun 7, 2017
    Messages:
    2,322
    Likes Received:
    952
    Trophy Points:
    348
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +1,025
    Current Phone Model:
    Note 8
    I thought about a usb key but the way I lose things, I decided I better not.
     
  10. kodiak799

    kodiak799 Gold Member

    Joined:
    Feb 20, 2010
    Messages:
    6,000
    Likes Received:
    774
    Trophy Points:
    258
    Ratings:
    +941
    That's why I'm looking at one of the Ubikeys - it's a half-size SD card, so it sits flush in the laptop slot. Plug it in and forget about it. But before I shell out $50 I'd want to know it's compatible with all my banks (probably not). Works with LastPass and other password managers, though, so that would probably be enough with complex generated passwords.

    There's also software (Sesame) that will do this with an SD card for $15-$20, I think...not sure if that's a Lastpass exclusive app or not. I have a spare micro sd, I'd just need to buy a half-size card adapter (damn you ultrabooks for taking away the full-size SD slot!!!!).
     
    #10 kodiak799, Aug 9, 2017
    Last edited: Aug 9, 2017
  11. me just sayin

    me just sayin Gold Member

    Top Poster Of Month

    Joined:
    Jun 7, 2017
    Messages:
    2,322
    Likes Received:
    952
    Trophy Points:
    348
    Location:
    35.7051° N, 89.9695° W
    Ratings:
    +1,025
    Current Phone Model:
    Note 8
    I will just stick with lastpass - unless they raise the price again.