Two factor authentication with phone, is it secure enough?

Zucca:
....of course nothing is secure enough, and it is just another layer of security.

Browser software nowadays offers quite often a feature to save username and password for website logins.
I never trusted the above for critical stuff, but I now realize that all my critical logins require a two factor authentication with my phone.

Since saving the login data in a browser is a terrible idea from a security point of view, it is sooo practical on the other hand...

I am wondering if, since I have the two factor authentication active, I could safely let Firefox store and keep my critical login data...

What do you think?

ataradov:
How do you manage passwords now? If it is a small set of passwords for all sites, then this is pretty much the worst of all options.

Use a real password manager with audited code and implementation. My personal preference is Bitwarden, but there are others. And whatever you do, do not use LastPass.

Browser password store is not the best option. Plus it is the least portable one.

SiliconWizard:
It's better to use your browser's password manager, and define a different, strong password for each different website/service you use, than to not use its password manager, and since it becomes less convenient, use fewer different passwords. Hands down.

Now there are also dedicated password managers, they are more secure than your browser's one until some horrific security hole is found in them. Which will invariably happen sooner or later.

Of course two-factor authentication mitigates the problem for critical services.

As to copying your stored passwords, it's usually just a matter of copying the corresponding database in your profile, the exact location depends on your browser and OS. It's not rocket science and I've done that successfully before. Of course, synchronizing password lists this way is not practical, so to be used preferably in a single-way fashion.

With all that said, I'm not advocating any particular approach here. Just giving a couple thoughts.

dobsonr741:
Well said. Bitwarden, 1Password, to name a few. These password wallets can act as the multi factor authentication token too, super convenient. Use a sufficiently strong password on these wallets. And put proper locking on your phone, in addition.

Zucca:

--- Quote from: ataradov on March 10, 2023, 01:59:30 am ---How do you manage passwords now?

--- End quote ---

A horrible Excel file with a different password, a different username and a different email for each website.
Every time I need to open that file it makes me sick, it has become huge and ugly.

Bitwarden looks sexy, I will do my homework.
