Multi-factor authentication

Status
Not open for further replies.
Toying with turning it on for the various things I use, but, I'm reminded of how annoying it is for work. It seems like I go a few days with no interruptions, then I'll be home and fire up my work computer and then have to approve 3 or 4 times. Which is annoying because I'll leave my phone in the other room and have to go get it... Do Apple and Yahoo do the same thing, where it's some arbitrary time between approvals? Just wanted to confirm before I go and sign those things up, it seems the new thing to do, and not a bad idea, but so far I've found it kind of an annoyance.

As an aside, it's always kind of amusing when I'm on my phone, go to check email, and I then have to approve it. On my phone. Like that's some great level of security!
 
Originally Posted by Rand
Get a YubiKey.

Doesn't work for all websites though.

Interesting. I am starting to phase out of my Android devices, but technically I do have PC, Android and iDevices at this time. Not sure if such a device would work on all of them... I'm kinda surprised that my USB ports on my work laptop are not disabled, although they did lock the ability to use USB thumbdrives to only those provided by the company.
 
I know that with Google, there is an option to remember the device or add it as a trusted device to your Google account. This way it doesn't ask every time for two factor authentication. With others, you may simply have to stay logged in and they usually don't log you out automatically after a set period of time, unlike enterprise level security settings.
 
Originally Posted by KrisZ
I know that with Google, there is an option to remember the device or add it as a trusted device to your Google account. This way it doesn't ask every time for two factor authentication. With others, you may simply have to stay logged in and they usually don't log you out automatically after a set period of time, unlike enterprise level security settings.


Ah, ok, I hadn't thought of that. Work stuff might be set to log out proactively, so as to ensure something won't be open (and attackable) forever. Whereas I could do that with personal stuff, if I so chose.
 
I have it on my online banking, a simple SMS text authorization code, but with SIM spoofing and hacking on the rise I wonder how effective text two step is (not to be confused with the Texas Two Step...)
 
With Apple, the only time I've found I needed to use the 2 factor is when setting up a new device. Some websites are a PITA and require me to answer questions every time, others work fine.
 
2 factor auth is currently one of the best defenses against compromises. Ask anyone who's ever had their bank account cleaned out because their phone got compromised, and I bet they probably won't be complaining about the inconvenience of 2 factor auth.
 
Originally Posted by AlaskaMike
2 factor auth is currently one of the best defenses against compromises. Ask anyone who's ever had their bank account cleaned out because their phone got compromised, and I bet they probably won't be complaining about the inconvenience of 2 factor auth.


This. I use 2FA on everything.
 
Originally Posted by AlaskaMike
2 factor auth is currently one of the best defenses against compromises. Ask anyone who's ever had their bank account cleaned out because their phone got compromised, and I bet they probably won't be complaining about the inconvenience of 2 factor auth.

Doesn't that argue to not do any banking from a mobile device? I mean, if someone swipes your phone, if they could gain access into it, then they could approve themselves to whatever your phone has access to.
 
Originally Posted by supton
Originally Posted by AlaskaMike
2 factor auth is currently one of the best defenses against compromises. Ask anyone who's ever had their bank account cleaned out because their phone got compromised, and I bet they probably won't be complaining about the inconvenience of 2 factor auth.

Doesn't that argue to not do any banking from a mobile device? I mean, if someone swipes your phone, if they could gain access into it, then they could approve themselves to whatever your phone has access to.


With modern face and touch ID, which should encourage users to use complex passwords, and of course the device lock-out policy and the ability to remote wipe them, swiping the phone shouldn't be an easy workaround. Now, in practice? Depends on the individual.

But this all requires an operation that has physical access. Most of these compromises arise as the result of a phish or database breach where a login, typically an e-mail address, and the associated password is obtained. Often, these folks are in India, China, Russia...etc, somewhere that obtaining physical access to your phone isn't a possibility.
 
Hmm. I am switching from my Moto G4 to an iPhone 6S so as to get the fingerprint reader. Right now it warns me that my PIN is weak so I probably should come up with something uber complex under the guise that I should never need it--I had been keeping it on the simple side as I hadn't thought about it, actually--it's a PIN that I've been using over the years. But as my iDevices get fingerprint readers I guess an easy PIN is no longer needed.
 
Originally Posted by KrisZ
You will still need the 6-digit PIN when you restart the phone or when installing updates. So pick something you remember.

True, ok will do that. Have to think of yet another one I guess.

On the flip side, if I do this right, I should be able to give up the sheet of paper I've been carrying around for the last oh 4 or 5 years. The one with every password I need for various things. I could put that onto the cloud and then have it available to any device I use. Or, heaven forbid, finally start using one of those online services that do it for me.
 
Originally Posted by supton
Originally Posted by KrisZ
You will still need the 6-digit PIN when you restart the phone or when installing updates. So pick something you remember.

True, ok will do that. Have to think of yet another one I guess.

On the flip side, if I do this right, I should be able to give up the sheet of paper I've been carrying around for the last oh 4 or 5 years. The one with every password I need for various things. I could put that onto the cloud and then have it available to any device I use. Or, heaven forbid, finally start using one of those online services that do it for me.


Yes, you should use a password keeper app of some sort that encrypts your data in iCloud or similar.
 
Originally Posted by supton
Originally Posted by KrisZ
You will still need the 6-digit PIN when you restart the phone or when installing updates. So pick something you remember.

True, ok will do that. Have to think of yet another one I guess.

On the flip side, if I do this right, I should be able to give up the sheet of paper I've been carrying around for the last oh 4 or 5 years. The one with every password I need for various things. I could put that onto the cloud and then have it available to any device I use. Or, heaven forbid, finally start using one of those online services that do it for me.


iOS has this nice feature called Keychain. It will remember your passwords for everything and fill them out for you too. You just have to set one, really strong, master password.

Actually I think it's tied to your Apple ID account, so make sure you have a really strong password on that and double authentication.
 
I have to look into that, but the downside is that I use a PC for work. I could just separate my usage of work from home, and use the work PC strictly for work, but the company doesn't have a policy against that sort of thing (as long as it's not abused). I still plan to have a PC at home for various things like messing with Arduinos or the like.
 
Keychain only works on Apple devices as far as I know, so for personal Mac devices I would use that.

For your work PC, I'm not sure which browser you use, but Chrome or Firefox can save your password and login information as well, so you don't have to type them in. You can always delete all that info by deleting history from the browser.
 