What are your thoughts on two-factor authentication?



58 members have voted

  1. What are your thoughts on two-factor authentication?

    • It does not make your account more secure.
      0
    • It makes your accounts more secure.
    • I'm Neutral
  2. If two-factor authentication was available on a particular service would you use it?




After reading the front page story about outlook.com implementing two-factor authentication, I saw some mixed opinions. I was surprised. So I thought I would create a poll.


Someone on the front page article mentioned the Mat Honan hack.

Had two-factor authentication been turned on in his Gmail account it would have prevented the hack. Because I think with two-factor authentication enabled, Gmail does not show you part of the recovery email address, which was an Apple account. Also, after that hack happened, Apple has ADDED two-factor authentication. They also say when you turn that on we will never be able to reset your password for you.


It does add another layer of security - but I wouldn't use it for all my services. I've still yet to make the switch on two-factor authentication, but will in the future for my more important web/cloud based services (Gmail, Dropbox, etc.)


If every account required a code to be sent to your phone, successful hacks would be less heard of by 1000%

If every login service required a phone number for 2nd factor, I would sign up for every one of them


For some things it's perfectly fine, for other things it wastes my time. Forcing it on me would likely annoy me and I'd find another service that doesn't. I understand its usability, don't get me wrong, but I don't care about protecting my junk email account from hackers (and things of that nature).


For some things it's perfectly fine, for other things it wastes my time. Forcing it on me would likely annoy me and I'd find another service that doesn't. I understand its usability, don't get me wrong, but I don't care about protecting my junk email account from hackers (and things of that nature).

I think your views would quickly change if your important accounts were hacked.

Not that long ago I used to use the same password for a lot of my accounts, I knew it was a bad move but never did anything about it until not all that long ago, my email and password that I was using for all these accounts, was exposed in a hack that publicised thousands of account details from some insignificant site that I had not even thought about for years.

Then I realised just how much could be lost if someone went playing with those details.

I use LastPass and fortunately for me, they told me which accounts were compromised.

Unfortunately for me, that was over 300 sites.

I spent the majority of the next few days changing my passwords on all of those sites with a securely generated password from LastPass, which I should have been using the entire time.

A lot of hours wasted and driving me insane, but a lesson learned all the same.

2 factor authentication would have prevented me worrying at all.


shouldn't even be an option, since it does.

I know it does. I just had to give the haters in the article something to choose when they come in and vote :)


A website I was a member of got hacked so I had to go around and change all my passwords because most of my sites I used the same password. I set up LastPass with the YubiKey for 2-factor authentication and I feel so much more at ease. I just wish more sites would use the YubiKey. If a service offers 2-factor, I use it.


A website I was a member of got hacked so I had to go around and change all my passwords because most of my sites I used the same password. I set up LastPass with the YubiKey for 2-factor authentication and I feel so much more at ease. I just wish more sites would use the YubiKey. If a service offers 2-factor, I use it.

Same, stupidly I wanted the ease of knowing my password for each site over security if it was ever compromised, I lost and spent many hours fixing my mistake.


I think your views would quickly change if your important accounts were hacked.

. . .

I use a different password for every single place I use, and in most cases a different username as well.

I have been 'hacked' before in a game I used to play that ironically had two-factor authentication (A 'Pin-code' system). That's the only thing of mine that has ever been exploited and it turns out they got a SQL dump with non-salted passwords, likely got the un-hashed pass in minutes and brute-forced my pin as the game seems to have zero brute-force recognition. I later got my character back and all of its stuff as there was an obvious roll-back.

Like I said, I'm not against two-factor authentication, but I am against forcing it upon me. I do - and will continue to - use it.

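The failure described in the post above (a leaked table of unsalted password hashes, plus a PIN check with no attempt limiting) has two standard countermeasures, sketched here as an added example that is not part of the thread: store secrets with a per-user salt and a slow KDF, and lock the PIN check after repeated failures. The class name, thresholds and sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5            # assumed policy: lock after 5 consecutive bad PINs
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window

def hash_secret(secret: str, salt: bytes) -> bytes:
    # Per-user random salt plus a slow KDF: identical secrets get different
    # digests, and a leaked table cannot be cracked in bulk at hash speed.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)

class PinVerifier:
    """Hypothetical second-step PIN check with salted storage and lockout."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._users = {}  # user -> {salt, digest, failures, locked_until}

    def enroll(self, user: str, pin: str) -> None:
        salt = os.urandom(16)
        self._users[user] = {"salt": salt, "digest": hash_secret(pin, salt),
                             "failures": 0, "locked_until": 0.0}

    def verify(self, user: str, pin: str) -> str:
        rec = self._users.get(user)
        if rec is None:
            return "denied"
        now = self._clock()
        if now < rec["locked_until"]:
            return "locked"  # refuse without evaluating the PIN at all
        if hmac.compare_digest(hash_secret(pin, rec["salt"]), rec["digest"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = now + LOCKOUT_SECONDS
            rec["failures"] = 0
        return "denied"

def evaluated_guesses(verifier: PinVerifier, user: str, guesses) -> int:
    """Count how many wrong guesses are actually checked before lockout."""
    checked = 0
    for pin in guesses:
        if verifier.verify(user, pin) == "locked":
            break
        checked += 1
    return checked
```

With the lockout in place, only five PINs are evaluated per window no matter how many are submitted, and even the correct PIN is refused until the window expires.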

I use a different password for every single place I use, and in most cases a different username as well.

I have been 'hacked' before in a game I used to play that ironically had two-factor authentication (A 'Pin-code' system). That's the only thing of mine that has ever been exploited and it turns out they got a SQL dump with non-salted passwords, likely got the un-hashed pass in minutes and brute-forced my pin as the game seems to have zero brute-force recognition. I later got my character back and all of its stuff as there was an obvious roll-back.

Like I said, I'm not against two-factor authentication, but I am against forcing it upon me. I do - and will continue to - use it.

Mine was my email as the username & password I used everywhere, and yea you're right, changing at least the username or the password is the key, which I was stupid enough to ignore, the few days it took to change them was worth it, and I now use a secure and unique password / username for every site


I have been 'hacked' before in a game I used to play that ironically had two-factor authentication (A 'Pin-code' system). That's the only thing of mine that has ever been exploited and it turns out they got a SQL dump with non-salted passwords, likely got the un-hashed pass in minutes and brute-forced my pin as the game seems to have zero brute-force recognition. I later got my character back and all of its stuff as there was an obvious roll-back.

A pin code system that sends to an e-mail address is insufficient, when someone gets into your one single e-mail account anything linked to that account is at risk. Using a true 2 factor authentication method includes some type of external hardware, be it your phone, code card, usb keyfob, or keychain token.


At the end of the day, who doesn't have a phone? Yes you can argue that some people don't, but that's BS, everyone has a phone. If you have the net, you can afford a ?10 phone.

2 factor auth to a phone should be mandatory.


I say optional, be as secure as you want, just deal with all associated fees if you don't use the more secure option.


I say optional, be as secure as you want, just deal with all associated fees if you don't use the more secure option.

Optional to 'sign out' of the security would be my say, leave it enabled as default


I use two-factor authentication with numerous services (Steam, Google, Blizzard) and very much appreciate the extra security. When I read the front page article I was surprised to see so many comments critical of it. Then again, it's like the people who maintain there is no need for anti-virus software because they're so knowledgeable about computers and the risks.


. . .true 2 factor authentication method includes some type of external hardware, be it your phone, code card, usb keyfob, or keychain token.

No, true two-factor authentication is being authenticated with two differing pieces of identification. I think you mean to use the word 'good' or 'better'.

Edit: I'm wrong.

Edited by astropheed

No, true two-factor authentication is being authenticated with two differing pieces of identification. I think you mean to use the word 'good' or 'better'.

Incorrect, the definition of two or multi-factor authentication, includes "something the user knows" example, password..... and "something the user has" like a keyfob, usb dongle, phone, code card. etc. Or replacing "something the user has" would be "something the user is" like a fingerprint, retina scan

Having a pin go to your e-mail isn't "something the user has"


Incorrect, the definition of two or multi-factor authentication, includes "something the user knows" example, password..... and "something the user has" like a keyfob, usb dongle, phone, code card. etc. Or replacing "something the user has" would be "something the user is" like a fingerprint, retina scan

Having a pin go to your e-mail isn't "something the user has"

I took the time to Google it and concede. You learn something new every day.


I took the time to Google it and concede. You learn something new every day.

I am in the middle of a multi-factor authentication roll out right now to comply with FBI CJIS requirements, so I've had to do some research on it myself. The PIN system helps, like the way Steam implements it. But it still turns into a single point of failure if someone gets into the e-mail account associated with the Steam account, they then control the account e-mail and the PIN access.


Incorrect, the definition of two or multi-factor authentication, includes "something the user knows" example, password..... and "something the user has" like a keyfob, usb dongle, phone, code card. etc. Or replacing "something the user has" would be "something the user is" like a fingerprint, retina scan

Having a pin go to your e-mail isn't "something the user has"

Correct.

Something you know : Text

Something you have : Physical Device

Something you are: Fingerprints or retina scan.

A pin to your email would be something you have access to but so could someone else.


This topic is now closed to further replies.