
What are your thoughts on two-factor authentication?

What are your thoughts on two-factor authentication?   58 votes

  1. What are your thoughts on two-factor authentication?

    • It does not make your account more secure.
      0
    • It makes your accounts more secure.
    • I'm Neutral
  2. If two-factor authentication was available on a particular service would you use it?



39 posts in this topic

Posted

After reading the front page story about outlook.com implementing two-factor authentication, I saw some mixed opinions. I was surprised. So I thought I would create a poll.


Posted

It should be forced, imo it's the only way to secure an account.

2 people like this


Posted

Someone on the front page article mentioned the Mat Honan hack.

Had two-factor authentication been turned on in his Gmail account it would have prevented the hack. Because I think with two-factor authentication enabled, Gmail does not show you part of the recovery email address, which was an Apple account. Also, after that hack happened, Apple has ADDED two-factor authentication. They also say when you turn that on we will never be able to reset your password for you.


Posted

It does add another layer of security - but I wouldn't use it for all my services. I've still yet to make the switch on two-factor authentication, but will in the future for my more important web/cloud based services (Gmail, Dropbox, etc.)


Posted

If every account required a code to be sent to your phone, successful hacks would be less heard of by 1000%

If every login service required a phone number for 2nd factor, I would sign up for every one of them


Posted

Yeah, I would be happy for this. Something to send me a code to my phone.


Posted

For some things it's perfectly fine, for other things it wastes my time. Forcing it on me would likely annoy me and I'd find another service that doesn't. I understand its usability, don't get me wrong, but I don't care about protecting my junk email account from hackers (and things of that nature).


Posted

If this means that my account is going to be more secure I'm all for it!


Posted

> It does not make your account more secure.

shouldn't even be an option, since it does.

1 person likes this


Posted

> For some things it's perfectly fine, for other things it wastes my time. Forcing it on me would likely annoy me and I'd find another service that doesn't. I understand its usability, don't get me wrong, but I don't care about protecting my junk email account from hackers (and things of that nature).

I think your views would quickly change if your important accounts were hacked.

Not that long ago I used to use the same password for a lot of my accounts, I knew it was a bad move but never did anything about it until not all that long ago, my email and password that I was using for all these accounts, was exposed in a hack that publicised thousands of account details from some insignificant site that I had not even thought about for years.

Then I realised just how much could be lost if someone went playing with those details.

I use LastPass and fortunately for me, they told me which accounts were compromised.

Unfortunately for me, that was over 300 sites.

I spent the majority of the next few days changing my passwords on all of those sites with a securely generated password from LastPass, which I should have been using the entire time.

A lot of hours wasted and driving me insane, but a lesson learned all the same.

2 factor authentication would have prevented me worrying at all.


Posted

> shouldn't even be an option, since it does.

I know it does. I just had to give the haters in the article something to choose when they come in and vote :)


Posted

A website I was a member of got hacked so I had to go around and change all my passwords because most of my sites I used the same password. I set up LastPass with the YubiKey for 2-factor authentication and I feel so much more at ease. I just wish more sites would use the YubiKey. If a service offers 2-factor, I use it.


Posted

> A website I was a member of got hacked so I had to go around and change all my passwords because most of my sites I used the same password. I set up LastPass with the YubiKey for 2-factor authentication and I feel so much more at ease. I just wish more sites would use the YubiKey. If a service offers 2-factor, I use it.

Same, stupidly I wanted the ease of knowing my password for each site over security if it was ever compromised, I lost and spent many hours fixing my mistake.


Posted

> I think your views would quickly change if your important accounts were hacked.
>
> . . .

I use a different password for every single place I use, and in most cases a different username as well.

I have been 'hacked' before in a game I used to play that ironically had two-factor authentication (a 'Pin-code' system). That's the only thing of mine that has ever been exploited and it turns out they got a SQL dump with non-salted passwords, likely got the un-hashed pass in minutes and brute-forced my pin as the game seems to have zero brute-force recognition. I later got my character back and all of its stuff as there was an obvious roll-back.

Like I said, I'm not against two-factor authentication, but I am against forcing it upon me. I do - and will continue to - use it.


Posted

> I use a different password for every single place I use, and in most cases a different username as well.
>
> I have been 'hacked' before in a game I used to play that ironically had two-factor authentication (a 'Pin-code' system). That's the only thing of mine that has ever been exploited and it turns out they got a SQL dump with non-salted passwords, likely got the un-hashed pass in minutes and brute-forced my pin as the game seems to have zero brute-force recognition. I later got my character back and all of its stuff as there was an obvious roll-back.
>
> Like I said, I'm not against two-factor authentication, but I am against forcing it upon me. I do - and will continue to - use it.

Mine was my email as the username & password I used everywhere, and yeah you're right, changing at least the username or the password is the key, which I was stupid enough to ignore, the few days it took to change them was worth it, and I now use a secure and unique password / username for every site.


Posted

> I have been 'hacked' before in a game I used to play that ironically had two-factor authentication (a 'Pin-code' system). That's the only thing of mine that has ever been exploited and it turns out they got a SQL dump with non-salted passwords, likely got the un-hashed pass in minutes and brute-forced my pin as the game seems to have zero brute-force recognition. I later got my character back and all of its stuff as there was an obvious roll-back.

A pin code system that sends to an e-mail address is insufficient, when someone gets into your one single e-mail account anything linked to that account is at risk. Using a true 2 factor authentication method includes some type of external hardware, be it your phone, code card, usb keyfob, or keychain token.


Posted

At the end of the day, who doesn't have a phone? Yes you can argue that some people don't, but that's BS, everyone has a phone. if you have the net, you can afford a


Posted

I say optional, be as secure as you want, just deal with all associated fees if you don't use the more secure option.


Posted

> I say optional, be as secure as you want, just deal with all associated fees if you don't use the more secure option.

Optional to 'sign out' of the security would be my say, leave it enabled as default


Posted

I use two-factor authentication with numerous services (Steam, Google, Blizzard) and very much appreciate the extra security. When I read the front page article I was surprised to see so many comments critical of it. Then again, it's like the people who maintain there is no need for anti-virus software because they're so knowledgeable about computers and the risks.

1 person likes this


Posted (edited)

> . . .true 2 factor authentication method includes some type of external hardware, be it your phone, code card, usb keyfob, or keychain token.

No, true two-factor authentication is being authenticated with two differing pieces of identification. I think you mean to use the word 'good' or 'better'.

Edit: I'm wrong.

Edited by astropheed


Posted

> No, true two-factor authentication is being authenticated with two differing pieces of identification. I think you mean to use the word 'good' or 'better'.

Incorrect, the definition of two- or multi-factor authentication includes "something the user knows", for example a password... and "something the user has" like a keyfob, USB dongle, phone, code card, etc. Or replacing "something the user has" would be "something the user is" like a fingerprint, retina scan.

Having a pin go to your e-mail isn't "something the user has".


Posted

> Incorrect, the definition of two- or multi-factor authentication includes "something the user knows", for example a password... and "something the user has" like a keyfob, USB dongle, phone, code card, etc. Or replacing "something the user has" would be "something the user is" like a fingerprint, retina scan.
>
> Having a pin go to your e-mail isn't "something the user has".

I took the time to Google it and concede. You learn something new every day.


Posted

> I took the time to Google it and concede. You learn something new every day.

I am in the middle of a multi-factor authentication rollout right now to comply with FBI CJIS requirements, so I've had to do some research on it myself. The PIN system helps, like the way Steam implements it. But it still turns into a single point of failure: if someone gets into the e-mail account associated with the Steam account, they then control the account e-mail and the PIN access.


Posted

> Incorrect, the definition of two- or multi-factor authentication includes "something the user knows", for example a password... and "something the user has" like a keyfob, USB dongle, phone, code card, etc. Or replacing "something the user has" would be "something the user is" like a fingerprint, retina scan.
>
> Having a pin go to your e-mail isn't "something the user has".

Correct.

Something you know: Text

Something you have: Physical Device

Something you are: Fingerprints or retina scan.

A pin to your email would be something you have access to but so could someone else.
