Alter_Fridge
Member
Wouldn't this almost eradicate password theft/hacking?
-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
Why isn't 2 Factor Authentication the global standard for verifying credentials?
- Thread starter Alter_Fridge
- Start date
CrankyJay™
Member
Only if the second factor was to a phone instead of email, and even then that's not 100% foolproof.
Alter_Fridge
Member
No it's not, but it would make the world a hell of a lot more secure
100% of people who need to verify themself online in this world carry a phone
Last edited:
CrankyJay™
Member
I turn it on when it's available, especially for anything related to financials.
GeorgPrime
Banned
They have to wait until the people who do this pay enough money to politicians to get the standard out. Otherwise, like in germany, they will still use old technologies that are broken as fuck lol
Alter_Fridge
Member
It shouldn't have to be opt-in. It should be there by default. 1 layer of security is soooo 1990
CrankyJay™
Member
Alter_Fridge
Member
Just as long as you don't use any of your standard browsing credentials same as the important stuff
Rest
All these years later I still chuckle at what a fucking moron that guy is.
What's "important stuff?" I don't buy anything online, no one is going to steal my money.
Alter_Fridge
Member
Using same email/password for Netbanking and general forums etc. Paypal. Any sort of electronic payment method
Last edited:
down 2 orth
Member
OP wants to force people to give up their phone numbers so they can be tracked. Fuck that noise.
Hatemachine
Banned
Because it's a pain in the ass and diminishes privacy.
Vicetrailia
Banned
Would help if there were more cell towers in low population out there places. Can’t always guarantee that you have cell service which sucks. And yes I go camping often.
infinitys_7th
Member
Most of those sort of standards aren't set by politicians, but by independent organizations.
What politicians would want is a backdoor into anything 2FA protected, like they do with encryption.
I don't use it because it's a nightmare where I live. Often doesn't recognize the country code and doesn't deliver the texts, or delivers them an hour late when they're worthless.
Then when I'm travelling abroad and have no service, that's when they're most likely to want to send a code to your phone - because of a foreign IP login pinging their fraud detection. As a result there's been many times when I'm in the US at a hotel or shopping centre where I've been trying to log in to a travel site or banking site only for 2FA to send something to my phone (no service) and leave me totally locked out of my shit with no recourse. I've had so many travel nightmares due to this shit.
So now I turn it off for everything I possibly can, and use a password manager to generate the longest possible random passwords for important services.
Then when I'm travelling abroad and have no service, that's when they're most likely to want to send a code to your phone - because of a foreign IP login pinging their fraud detection. As a result there's been many times when I'm in the US at a hotel or shopping centre where I've been trying to log in to a travel site or banking site only for 2FA to send something to my phone (no service) and leave me totally locked out of my shit with no recourse. I've had so many travel nightmares due to this shit.
So now I turn it off for everything I possibly can, and use a password manager to generate the longest possible random passwords for important services.
Last edited:
Alter_Fridge
Member
CrankyJay™
Member
Since when do we have to cater to "everyone"? Chances are if they don't have a phone, they don't use the Internet either.
CrankyJay™
Member
My company just started using Okta to log onto the VPN, I have to admit it's pretty cool to get the "Is that you?" alert on my watch and reply yes from there.
Last edited:
CloudNull
Banned
Okta is by far the best 2 form authentication tool. It took me months to realize it can be used for almost any website that has two form authentication. Okta handles all my work security and all my crypto/investment accounts. Literally a one stop shop for my additional security.
Alter_Fridge
Member
Not everyone carries a phone is up there with the not everyone is constantly connected to the Net fallacy
It's just not real in this day and age
Last edited:
Miles708
Member
This is a bad take.
You could have your phone stolen, or not have reception (to receive sms's), or, yes, not have a phone at all, and you should equally be able to use your online banking in a secure way.
It's not like there aren't 2FA systems that don't involve a Google/Apple-powered plastic brick you don't have control over.
Last edited:
Rockondevil
Member
For those complaining/worried about giving their phone number up to companies you can alternatively use an authenticator application.
Really it just comes down to it being supported. I definitely use it where available.
Really it just comes down to it being supported. I definitely use it where available.
RavageX
Member
Your phone gets stolen, guess what? Your done. Using Google's stuff as an example, sometimes it just doesn't work.
You get your phone stolen, get a new phone with your same number and want to sign into your Google account but Google will often recognize that it's a new phone, and then want your old phone to verify its you.....which is beyond stupid. Seen stuff like that happen.
You get your phone stolen, get a new phone with your same number and want to sign into your Google account but Google will often recognize that it's a new phone, and then want your old phone to verify its you.....which is beyond stupid. Seen stuff like that happen.
Rest
All these years later I still chuckle at what a fucking moron that guy is.
I don't use any of that.
IntentionalPun
Ask me about my wife's perfect butthole
Cost of implementation is the reason. Which often boils down to the cost of upgrading an entire system, because a lot of companies have old licenses for software and only the new version has 2FA.
Rolling your own isn't hard, but that requires dev work.. which means hiring a consulting firm for a lot of companies. and then you've customized something.. and then that could break something else, or stop you from being able to apply a patch.
Etc.,etc.etc.,
it IS the standard.. but it's gonna take a long time to get there.
Rolling your own isn't hard, but that requires dev work.. which means hiring a consulting firm for a lot of companies. and then you've customized something.. and then that could break something else, or stop you from being able to apply a patch.
Etc.,etc.etc.,
it IS the standard.. but it's gonna take a long time to get there.
Last edited:
IntentionalPun
Ask me about my wife's perfect butthole
Email is way less secure .
But most services still allow it as an option, they just discourage it.
Phone numbers are more secure, and authenticator apps even more than that... you generally don't NEED a "phone" to use an authenticator app if that's the direction a company is going.
Technically don't NEED a phone to get a text message either... sign up for an online number if you need to.
Last edited:
CrankyJay™
Member
It’s not a bad take. There are ways around your specific scenario.