Two Step Verification Will Fail Hard.

[88keys]

It's cumbersome and I don't see how one would expect widespread adoption when people are still using passwords like "12345".

 

[amdhunter]

Holy crap! You almost have my password. Mine only has 1 character more. Amazing.

 

[GeekDrew]

You have a better idea?

 

[ImpulsE69]

You have a better idea?

Socialism?

 

[Charmonium]

Holy crap! You almost have my password. Mine only has 1 character more. Amazing.

Whoa. Six characters for your pw?



Geek :sneaky:

 

[sandorski]

What is a 2 Step verification?

 

[rh71]

Google changed their scheme so now all you have to do is hit Yes on the other side and it's done. Much easier than reading and punching in digits.

 

[Crono]

It's cumbersome and I don't see how one would expect widespread adoption when people are still using passwords like "12345".

 

[TheGardener]

What is a 2 Step verification?

optical anal reader

 

[Charmonium]

What is a 2 Step verification?

It's a new dance the kids are doing.

 

[MrSquished]

i like 2 step verification ()

 

[Chiropteran]

I hate this shit on my credit card accounts.

Why the hell does paying my credit card need to be walled off with such strong security. If some random dude wants to pay my credit card bill for me, LET HIM!

 

[s0me0nesmind1]

I hate this shit on my credit card accounts.

Why the hell does paying my credit card need to be walled off with such strong security. If some random dude wants to pay my credit card bill for me, LET HIM!

This.

My problem isn't 2-factor authentication, it's 2-factor authentication for stupid shit that barely needs 1 factor for authentication.

For example, I can open up Quicken to look up my finances... but if I want to update all the accounts (signing into all the accounts to obtain transaction data, etc...) it requires 2 factor authentication. Seriously? Unless it's a bank account where your actual cash assets are tied to - it's just stupid IMO.

 

[Red Squirrel]

Reminds me of my work place, some systems need like 3 different passwords to get into.

OR

You can dialup to it and enter a 4 digit password. What's the point of all that security level if there is a backup backdoor that is barely secured? Though this is one of few instances where security through obscurity actually works, because nobody would even know how to do anything even if they did gain access.

 

[brianmanahan]

why? 2FA with a phone is great

i use it for anything important (google/gmail, banks, etc) that support it

 

[TheGardener]

Reminds me of my work place, some systems need like 3 different passwords to get into.

OR

You can dialup to it and enter a 4 digit password. What's the point of all that security level if there is a backup backdoor that is barely secured? Though this is one of few instances where security through obscurity actually works, because nobody would even know how to do anything even if they did gain access.

Because one of your peers will quit and move on. Then in a couple years, he'll come back as a consultant at $200 an hour. He'll find the backdoor and other security risks, and look like a hero. Then he'll raise that hourly rate, because he is perceived as being so valuable.

Either that or some pimply teenager in Estonia, will find the backdoor and exploit it for financial gain.

 

[Ichinisan]

I love 2-step. I use it for Google, Microsoft and Dropbox.

I wish my bank account would do it.

 

[NikolaeVarius]

It's crazy to me that after years of people begging to put 2FA into everything because of all these password hacks, now we're begging to get rid of them...

 

[88keys]

You have a better idea?

login credentials could be handled via your web browser. You don't need to make or remember a password for each individual website because it would assign an encryption key that would get changed after each login.

The credentials can be handled by your web browser either through an integrated manager or an extension. Logging into that could be done either by two step verification, fingerprint and/or face scan, speech recognition, mouse/swipe gesture, keyfile, etc.


Passwords in general should be done away with or alternatives need to be introduced. 20 digit alphumeric passwords containing symbols are great but who is going to be able to remember one for each place they login to? Not to mention typing them on a mobile device is a pain in the ass. Key managers are great but they are entirely separate processed that take alot of time to setup which is why you're not seeing widespread adoption.

This is why people just go back to easy cheesy hackable password and you're not going to get people onboard to do something that will make a daily task cumbersome. What if an automaker decided to use two step verification to start their cars? People would most likely buy something else.

That's why it's not gonna work.

 

[MrSquished]

login credentials could be handled via your web browser. You don't need to make or remember a password for each individual website because it would assign an encryption key that would get changed after each login.

The credentials can be handled by your web browser either through an integrated manager or an extension. Logging into that could be done either by two step verification, fingerprint and/or face scan, speech recognition, mouse/swipe gesture, keyfile, etc.


Passwords in general should be done away with or alternatives need to be introduced. 20 digit alphumeric passwords containing symbols are great but who is going to be able to remember one for each place they login to? Not to mention typing them on a mobile device is a pain in the ass. Key managers are great but they are entirely separate processed that take alot of time to setup which is why you're not seeing widespread adoption.

This is why people just go back to easy cheesy hackable password and you're not going to get people onboard to do something that will make a daily task cumbersome. What if an automaker decided to use two step verification to start their cars? People would most likely buy something else.

That's why it's not gonna work.

You don't need to make a unique password for every website/service you login to. That's just too much.

 

[88keys]

You don't need to make a unique password for every website/service you login to. That's just too much.

No but using the same one for each is a horrible idea.

 

[DrPizza]

Reminds me of my work place, some systems need like 3 different passwords to get into.

OR

You can dialup to it and enter a 4 digit password. What's the point of all that security level if there is a backup backdoor that is barely secured? Though this is one of few instances where security through obscurity actually works, because nobody would even know how to do anything even if they did gain access.

"Your password strength isn't sufficient. Please enter a new password. I must be at least 15 characters long, contain two non-alphanumeric symbols, at least 3 capital letters, though not all three consecutively, and no string of characters may spell any word in a Scrabble dictionary, or slang dictionary."

"Thank you. In case you forget your 15 character password, the secret question is, 'what is your father's middle name.' Please enter it now. In the event you lose your password, this will allow you to reset your password.

 

[pontifex]

https://www.youtube.com/watch?v=4Xqhn8eaeCg

 

[MrSquished]

No but using the same one for each is a horrible idea.

Agreed. I have one I use for work-related stuff, one I use for banks, one for other financial stuff like credit cards, one I use for forums, one I use for other stuff. Besides the forum password the others are numerous characters with numbers and a symbol in them.

 

[clamum]

It'll fail because it's cumbersome to you and because some people use shitty passwords? Yeah, no. Also, I don't get why it matters how strong the password is... isn't that part of the point of 2-step?