Two Step Verification Will Fail Hard.

Page 3 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
NikolaeVarius

NikolaeVarius

Lifer
Oct 25, 2006
11,036
11
91
clamum said:
It'll fail because it's cumbersome to you and because some people use shitty passwords? Yeah, no. Also, I don't get why it matters how strong the password is... isn't that part of the point of 2-step?
Click to expand...

2 Factor doesn't always authenticate. Gmail/Banks/etc etc tend to give your computer a 30 day cookie where you don't have to 2 factor login again. So anyone local who knows your "12345" password can still trivially login.

2 Factor works against remote login attempts so you should still have a strong password.
 
Last edited:
Ichinisan

Ichinisan

Lifer
Oct 9, 2002
28,298
1,235
136
JimKiler said:
According to this article if an identity thief takes over your mobile phone account they can then get a hold of your TFA and potentially get into your bank info.

http://www.nbcnews.com/tech/tech-news/fraud-alert-id-thieves-hijack-mobile-phone-accounts-n599761

I think this article is more hype at that point, while it could happen they provide no example of it happening. Just people getting free phones from the identity theft.
Click to expand...

Without 2FA on your email account, they could take over the email account and gain access to everything else through password resets.

No need to target your phone in that case.

Also, that wouldn't work for me. Gaining access to my phone number to get my texts wouldn't work because I don't do 2FA via text. I use 2FA with the Google Authenticator app. It's set to use time based cypher, so I don't even need a mobile data connection or WiFi signal.

Dropbox and Hotmail work fine with my Google Authenticator app. I'm pretty sure Microsoft has a free multi-platform Authenticator app too.
 
Last edited:
S

stlc8tr

Golden Member
Jan 5, 2011
1,106
4
76
NikolaeVarius said:
2 Factor doesn't always authenticate. Gmail/Banks/etc etc tend to give your computer a 30 day cookie where you don't have to 2 factor login again. So anyone local who knows your "12345" password can still trivially login.

2 Factor works against remote login attempts so you should still have a strong password.
Click to expand...

If you're that worried about a local attack, you can set a password for your PC or configure your browser to wipe cookies periodically.
 
Charmonium

Charmonium

Lifer
May 15, 2015
10,555
3,546
136
I called one of my credit card companies a few days ago, Citi I think, and they asked if they could voice print me. I said yes.

This will probably be the next thing in biometrics.
 
biostud

biostud

Lifer
Feb 27, 2003
19,948
7,045
136
I use it for google and microsoft accounts. And we have a public NemID (EasyID) two step verification system in Denmark you use with all public servives, banks, insurance etc. You get a small piece cardboard with a lot of one times codes you use, combined with your social security number and personal password, and when there's 30 codes left on your card they'll send you a new one. Or you can buy an electronic number generator if you use it a lot.
 
JimKiler

JimKiler

Diamond Member
Oct 10, 2002
3,561
206
106
Ichinisan said:
Without 2FA on your email account, they could take over the email account and gain access to everything else through password resets.

No need to target your phone in that case.

Also, that wouldn't work for me. Gaining access to my phone number to get my texts wouldn't work because I don't do 2FA via text. I use 2FA with the Google Authenticator app. It's set to use time based cypher, so I don't even need a mobile data connection or WiFi signal.

Dropbox and Hotmail work fine with my Google Authenticator app. I'm pretty sure Microsoft has a free multi-platform Authenticator app too.
Click to expand...

What is the google 2FA app? That is an app and not a dongle like RSA keychains right?
 
Adul

Adul

Elite Member
Oct 9, 1999
32,999
44
91
danny.tangtam.com
2factor when made easy is good I like how it is setup for Microsoft multi-factor auth, blizzards updated authenticator, and a couple of others I have used. Simple to use and increases security greatly.
 
S

stlc8tr

Golden Member
Jan 5, 2011
1,106
4
76
JimKiler said:
What is the google 2FA app? That is an app and not a dongle like RSA keychains right?
Click to expand...

Yes, it's an app.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

It's time-based so no network access needed.

Alternatives include Authy.

https://play.google.com/store/apps/details?id=com.authy.authy&hl=en

Authy allows for multi-device linking so you can have the codes appear on all of your devices (including your browser). (There's a hack to do this for Google's app but it's much easier to do with Authy.)
 
TheGardener

TheGardener

Golden Member
Jul 19, 2014
1,945
33
56
Charmonium said:
I called one of my credit card companies a few days ago, Citi I think, and they asked if they could voice print me. I said yes.

This will probably be the next thing in biometrics.
Click to expand...
So far I was asked once, and I declined. Of course just about every call that one makes to a customer service department is recorded. So if they want, they could pull a Microsoft by ignoring my opt out and do it anyway.
 
shortylickens

shortylickens

No Lifer
Jul 15, 2003
80,287
17,081
136
we need encouragement to use it




Z8kTngF.png
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom