What are your thoughts on two-factor authentication?

[xendrome]

A pin to your email would be something you have access to but so could someone else.

The pin, like with Steam as an example. Would help in the instance where your steam password and e-mail password were different, but someone got into your steam account using it's password. Then they could just change the associated account e-mail address and password to the steam account. If you have the PIN enabled, it'll stop that, and hopefully the user doesn't have the same password for both services.

[Hum]

Angers me when Yahoo wants my phone number to log-on --- I always avoid that crap. :crazy:

[MorganX]

Incorrect, the definition of two or multi-factor authentication, includes "something the user knows" example, password..... and "something the user has" like a keyfob, usb dongle, phone, code card. etc. Or replacing "something the user has" would be "something the user is" like a fingerprint, retina scan

Having a pin go to your e-mail isn't "something the user has"

Or something the user has and is: My favorite, Smart Card Fingerprint reader with fingerprint stored on smart chip for authentication as opposed to being stored in AD.

[Sandor]

I think your views would quickly change if your important accounts were hacked.

Not that long ago I used to use the same password for a lot of my accounts, I knew it was a bad move but never did anything about it until not all that long ago, my email and password that I was using for all these accounts, was exposed in a hack that publicised thousands of account details from some insignificant site that I had not even thought about for years.

Then I realised just how much could be lost if someone went playing with those details.

I use lastpass and fortunately for me, they told me which accounts were compromised,

Unfortunately for me, that was over 300 sites.

I spent the majority of the next few days changing my passwords on all of those sites with a securely generated password from lastpass, which I should have been using the entire time.

A lot of hours wasted and driving me insane, but a lesson learned all the same.

2 factor authentication would have prevented me worrying at all.

Considering you use LastPass, not really an excuse for having the same password on 300 sites.

I need to beef my security up bit but at least I have a variety of usernames, email addresses and passwords to make combinations out of.

[Growled Member]

I think it's a great idea but I rarely use it because it's annoying as hades. I'd rather use Lastpass.

[BajiRav]

I consider 2factor authentication as one additional layer and use it wherever I can. I have started using unique passwords for almost all websites as well.

The pin, like with Steam as an example. Would help in the instance where your steam password and e-mail password were different, but someone got into your steam account using it's password. Then they could just change the associated account e-mail address and password to the steam account. If you have the PIN enabled, it'll stop that, and hopefully the user doesn't have the same password for both services.

Here is something funny I heard (probably on the TWIT podcast). If you don't have two factor authentication on your Apple account and somebody gets hold of your iDevice which has associated email setup on it - you are essentially screwed. :p

[MorganX]

Here is something funny I heard (probably on the TWIT podcast). If you don't have two factor authentication on your Apple account and somebody gets hold of your iDevice which has associated email setup on it - you are essentially screwed. :p

That's good to know. I only keep my iPad 2 around for some fitness peripherals and don't pay much attention to it otherwise. Probably should sanitize it.

[LittleNeutrino Veteran]

I have two factor authentication setup for My Blizzard account, I have it on my GW2 account, I use it for my Google account, and i have several Tokens at work for various things. I wish i could use Google Open for all of them so I only had to use one token but its nice to have it.

[Hum]

As long as they give users a choice, I would not be against two-factor.

[manni]

I'm already using two factor authentication in few web services.

[xxxxxx.xxxxxx]

I currently use 2 factor authentication with my Google account. Works very well and is definitely more secure.

[Sir Topham Hatt]

I am surprised in this busy world of ours, people are happy to wait for a code to be sent to a mobile device.

[spike232]

Depends on the method used, I enable it everywhere my yubi key is supported.

[soldier1st]

If you ask me, it comes down to 2 factors. The annoy factor and the convenience factor. A user wants something that is convenient, without alot/any of the annoy factor. if the annoy factor outways the convenience factor, then not many if any users will adopt it. It would also depend on what they are using and what is stored in/on it.