Jump to content



Photo

What are your thoughts on two-factor authentication?


  • Please log in to reply
38 replies to this topic

Poll: What are your thoughts on two-factor authentication?

This is a public poll. Other members will be able to see which options you chose

What are your thoughts on two-factor authentication?

You cannot see the results of the poll until you have voted. Please login and cast your vote to see the results of this poll.

If two-factor authentication was available on a particular service would you use it?

You cannot see the results of the poll until you have voted. Please login and cast your vote to see the results of this poll.
Vote Guests cannot vote

#1 +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,786 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 09 April 2013 - 22:23

After reading the front page story about outlook.com implementing two-factor authentication, I saw some mixed opinions. I was surprised. So I thought I would create a poll.


#2 Detection

Detection

    Detecting stuff...

  • 8,369 posts
  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 09 April 2013 - 22:29

It should be forced, imo its the only way to secure an account

#3 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,786 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 09 April 2013 - 22:33

Someone on the front page article mentioned the Matt Honan hack.

Had two factor authentication been turned on in his gmail account it would have prevented the hack. Because I think with two-factor authentication enabled, gmail does not show you part of the recovery email address which was an apple account. Also After that hack happened, Apple has ADDED Two-factor authentication. They also say when you turn that we we will never be able to reset your password for you.

#4 tsupersonic

tsupersonic

    Neowinian Senior

  • 6,734 posts
  • Joined: 30-September 06
  • Location: USA
  • OS: Win. 8.1 Pro. x64/Mac OS X
  • Phone: iPhone 5S/Nexus 5

Posted 09 April 2013 - 22:35

It does add another layer of security - but I wouldn't use it for all my services. I've still yet to make the switch on two-factor authentication, but will in the future for my more important web/cloud based services (Gmail, Dropbox, etc.)

#5 Detection

Detection

    Detecting stuff...

  • 8,369 posts
  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 09 April 2013 - 22:40

If every account required a code to be sent to your phone, successful hacks would be less heard of by 1000%

If every login service required a phone number for 2nd factor, I would sign up for every one of them

#6 The_Observer

The_Observer

    Apples, Bananas, Rhinoceros!

  • 3,966 posts
  • Joined: 12-April 05
  • Location: New Zealand
  • OS: OS X 10.9
  • Phone: iPhone5s

Posted 09 April 2013 - 22:43

yea i would be happy for this. Something to send me a code to my phone.

#7 astropheed

astropheed

    astropheed

  • 1,841 posts
  • Joined: 08-December 11
  • Location: Sydney, AU

Posted 09 April 2013 - 22:43

For some things it's perfectly fine, for other things it wastes my time. Forcing it on me would likely annoy me and I'd find another service that doesn't. I understand it's usability don't get me wrong, but I don't care about protecting my junk email account from hackers (and things of that nature).

#8 44MLX

44MLX

    Neowinian

  • 721 posts
  • Joined: 13-December 11
  • Location: London
  • OS: Win 8
  • Phone: iPhone 5

Posted 09 April 2013 - 22:45

If this means that my account is going to be more secure I'm all for it!

#9 xendrome

xendrome

    In God We Trust; All Others We Monitor

  • 7,390 posts
  • Joined: 05-December 01
  • OS: Windows 8.1 Pro x64

Posted 09 April 2013 - 22:48

It does not make your account more secure.

shouldn't even be an option, since it does.

#10 Detection

Detection

    Detecting stuff...

  • 8,369 posts
  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 09 April 2013 - 22:49

For some things it's perfectly fine, for other things it wastes my time. Forcing it on me would likely annoy me and I'd find another service that doesn't. I understand it's usability don't get me wrong, but I don't care about protecting my junk email account from hackers (and things of that nature).


I think your views would quickly change if your important accounts were hacked.

Not that long ago I used to use the same password for a lot of my accounts, I knew it was a bad move but never did anything about it until not all that long ago, my email and password that I was using for all these accounts, was exposed in a hack that publicised thousands of account details from some insignificant site that I had not even thought about for years.

Then I realised just how much could be lost if someone went playing with those details.

I use lastpass and fortunately for me, they told me which accounts were compromised,

Unfortunately for me, that was over 300 sites.

I spent the majority of the next few days changing my passwords on all of those sites with a securely generated password from lastpass, which I should have been using the entire time.

A lot of hours wasted and driving me insane, but a lesson learned all the same.

2 factor authentication would have prevented me worrying at all.

#11 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,786 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 09 April 2013 - 22:50

shouldn't even be an option, since it does.


I know it does. I just had to give the hates in the article something to choose when they come in and vote :)

#12 notta

notta

    Neowinian

  • 720 posts
  • Joined: 20-April 05

Posted 09 April 2013 - 22:51

A website I was a member of got hacked so I had to go around and change all my passwords because most of my sites I used the same password. I setup LastPass with the YubiKey for 2-factor authentication and I feel so much more at ease. I just wish more sites would use the Yubikey. If a service offers 2-factor, I use it.

#13 Detection

Detection

    Detecting stuff...

  • 8,369 posts
  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 09 April 2013 - 22:56

A website I was a member of got hacked so I had to go around and change all my passwords because most of my sites I used the same password. I setup LastPass with the YubiKey for 2-factor authentication and I feel so much more at ease. I just wish more sites would use the Yubikey. If a service offers 2-factor, I use it.


Same, stupidly I wanted the ease of knowing my password for each site over security if it was ever compromised, I lost and spent many hours fixing my mistake.

#14 astropheed

astropheed

    astropheed

  • 1,841 posts
  • Joined: 08-December 11
  • Location: Sydney, AU

Posted 09 April 2013 - 23:07

I think your views would quickly change if your important accounts were hacked.

. . .


I use a different password for every single place I use, and in most cases a different username as well.

I have been 'hacked' before in a game I used to play that ironically had two-factor authentication (A 'Pin-code' system). That's the only thing of mine that has ever been exploited and it turns out they got a SQL dump with non-salted passwords, likely got the un-hashed pass in minutes and brute-forced my pin as the game seems to have zero brute-force recognition. I later got my character back and all of it's stuff as there was an obvious roll-back.

Like I said, I'm not against two-factor authentication, but I am against forcing it upon me. I do - and will continue to - use it.

#15 Detection

Detection

    Detecting stuff...

  • 8,369 posts
  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 09 April 2013 - 23:13

I use a different password for every single place I use, and in most cases a different username as well.

I have been 'hacked' before in a game I used to play that ironically had two-factor authentication (A 'Pin-code' system). That's the only thing of mine that has ever been exploited and it turns out they got a SQL dump with non-salted passwords, likely got the un-hashed pass in minutes and brute-forced my pin as the game seems to have zero brute-force recognition. I later got my character back and all of it's stuff as there was an obvious roll-back.

Like I said, I'm not against two-factor authentication, but I am against forcing it upon me. I do - and will continue to - use it.


Mine was my email as the username & password I used everywhere, and yea you're right, changing at least the username or the password is the key, which I was stupid enough to ignore, the few days it took to change them was worth it, and I now use a secure and unique password / username for every site