| 2FA two step verification & the obsession with security |
| magic:
GMail isn't the only "brand name provider". Last time I checked, Microsoft still allowed signups without phone numbers and bullshit like that. You did have to do some captcha thing. |
| madires:
In case you go for a FIDO token get two, one for daily use and the second one as backup token. Register both with each 2FA account. The problem is that you can't copy/backup/restore those tokens. If you have just one and it breaks or you lose it, you will have a lot of fun recovering access to your accounts. Most services support having multiple tokens, but the odd one might only allow a single token. BTW, hardware tokens usually provide higher security than apps on your mobile phone. |
| Marco:
It's a shame FIDO is explicitly designed to prevent cloning, even by the user. I'd really prefer a paper backup of the private key. |
| JohanH:
--- Quote from: sleemanj on February 13, 2022, 01:09:10 am ---
TOTP (Time-based One Time Password) is the mechanism by which most 2FA works. Plenty of existing libraries to do it in various languages - even an Arduino can do it. You need a reasonably accurate clock and to be able to do a SHA-1 hash and that's about the biggest complexity.
--- End quote ---
I'd set up google-authenticator in PAM on the Raspberry Pi. Suddenly one day it didn't accept my TOTP. I had of course forgotten to set up NTP on the Raspberry, which lacks an internal hardware clock, and the clock had drifted. But I waited for half a minute (for the next round of codes) and now it accepted the old code. With NTP it works without problems. |
| tooki:
--- Quote from: jonovid on February 12, 2022, 07:20:00 pm ---
recently Google, Microsoft and others have started pushing two step verifications and having an obsession with security. :scared: as if it was a big threat to them. as a non-phone owner. I never asked for this level of security. I never asked for more verifications […] my point is the obsession with security is not coming from us users, but Google, Microsoft & Apple Inc who are the paranoid users, that say we want this.
--- End quote ---
The stupid in this post is so strong it hurts. You clearly haven’t put even two seconds of thought or research into what the consequences of a personal security breach can be. The fact that we’re moving everything to 2FA isn’t a show of “paranoia”, but rather a fully justified condemnation of 1FA. |