Two Step Verification Will Fail Hard.

[JujuFish]

I love 2FA. I turn it on for everything I can.

 

[Red Squirrel]

2FA is good for stuff that's actually critical. For example I use it with my domain names. The most important things to secure are probably your bank, domain names, and email. If one of those is hacked, they can basically end your online life.

Old, but good read:

https://medium.com/@N/how-i-lost-my-50-000-twitter-username-24eb09e026dd#.rmnlsf99v

It was Godaddy and Paypal's fault, too, so it comes to show how you can take all the precautions you want but all it takes is for some incompetent CSR to give away your info. Amazon is another company that is apparently really bad for that. All you need is someone's name and a fake address and you can basically get all their account info.

 

[Gooberlx2]

I love 2FA. I turn it on for everything I can.

Same. Between Lastpass, Authy (or SMS), and printed backup codes if I absolutely needed them, implementing two-step has been a non-issue for me.

 

[John Connor]

optical anal reader

https://www.youtube.com/watch?v=2DZ9XLNKBH8

 

[John Connor]

What is a 2 Step verification?

This video will describe that for you. https://www.youtube.com/watch?v=ay6GjmiJTPM

 

[John Connor]

I use Authy for a of things. I used the Authy extension in Chrome so I don't have to go to my phone. But if I clear everything on the computer with Ccleaner and SystemNinja, then Authy will have to send me a text to verify my Authy account with all my logins.

Now here's the best part. I don't even reach for my phone. No, I stay on the computer and access the phone with Teamviewer.

Did I mention Teamviewer is using Authy too?

 

[TheGardener]

https://www.youtube.com/watch?v=2DZ9XLNKBH8

The only good thing about TSA is that we know that someday they will be replaced by drones.
​

 

[DrPizza]

Two factor authentication is great for people who like the extra security - and it does provide an additional layer of security. Idiots who are dumb enough to use the same password everywhere would benefit even more from such authentication; however, they're too stupid to understand why a code sent as a text message helps them, thus they whine about the extra step that protects their information.

 

[TheGardener]

In my first experience with a two step verification, I called a financial service firm. She didn't want to ask me my secret question and have me answer it. That would have been too easy. Hell I didn't even remember doing that second step verification. Instead she asks me my secret answer. I tell the women, "that is not how it is how it is suppose to work. You need to ask me the question, and I'll give you the answer." She tells me they don't have the secret question. After another minute of her babbling about policy, I say "how the hell am I suppose to know the answer, if you don't ask me the question?" I had no idea of what kind of question I chose. If asked, I could likely answered the question. So we parted ways. I called back later and spoke to someone with a reasonably rational mind.

 

[John Connor]

Because of this thread I found out I could also Two-factor Box and Dropbox. It never did occur to me to two-factor my Google account so I did that too.

My domains are two-factored, my WordPress site, Github and a few other things.

 

[shortylickens]

You don't need to make a unique password for every website/service you login to. That's just too much.

Umm, dude, THIS site just got hacked and the passwords were spread all over the internet!

 

[poofyhairguy]

You have a better idea?

LastPass type vault plus a fingerprint reader. The vault app automatically creates for you a crazy long password for each site, and each of those are secured in the password vault via your fingerprint. On each site you give the vault app your fingerprint and it will blast in the unique password for you.

This is already possible on Android, and it way more practical than people making their own passwords.

 

[BurnItDwn]

For work, over the last bunch of years we have been using some form of RSA token + Password combo...

It was a bit of a PITA to start but takes maybe 5 seconds nowdays. Its nothing compared to the pain of dealing with shit like sharepoint, any "atlassian tool", Remedy, Planwell or any/every other web based tool ...

Im a unix guy, give me a server and a command line and man pages, Id rather have to figure out 100 new command line arguments and tools than deal with any one of these so called tools ..

 

[Naeeldar]

2FA is very easy when used with a mobile app. It's far from cumbersome and this is coming from the sales guy that had it implemented on him in the last year.

Frankly it's needed and it won't fail because not implementing is costing companies and govts. far to much $$$

 

[Midwayman]

2FA has already saved my ass a couple times with all the hack running around. Get those pw reset emails once in awhile where I'm pretty sure they managed to enter the PW, but all the PW change stuff needs to go through my email with 2FA. I use a PW manager with 2FA as well and generate long and random PWs. Unlikely anyone is brute forcing them, so if they have them, they have them through a hack.

 

[dainthomas]

It's cumbersome and I don't see how one would expect widespread adoption when people are still using passwords like "12345".

That's the combination to my luggage!

 

[sdifox]

What is a 2 Step verification?

Before you type in the password you have to walk two steps. Really annoying since I would be standing too far from the keyboard.

 

[Spungo]

A process that makes it extremely difficult to hack your account? Yeah, what a stupid idea. Then I can't blame hackers when I get drunk and start tweeting about Jews.

 

[JimKiler]

According to this article if an identity thief takes over your mobile phone account they can then get a hold of your TFA and potentially get into your bank info.

http://www.nbcnews.com/tech/tech-news/fraud-alert-id-thieves-hijack-mobile-phone-accounts-n599761

I think this article is more hype at that point, while it could happen they provide no example of it happening. Just people getting free phones from the identity theft.

 

[foghorn67]

According to this article if an identity thief takes over your mobile phone account they can then get a hold of your TFA and potentially get into your bank info.

http://www.nbcnews.com/tech/tech-news/fraud-alert-id-thieves-hijack-mobile-phone-accounts-n599761

I think this article is more hype at that point, while it could happen they provide no example of it happening. Just people getting free phones from the identity theft.

Setup a verbal password with your phone carrier.

Sent from my SM-G930T using Tapatalk

 

[sdifox]

LastPass type vault plus a fingerprint reader. The vault app automatically creates for you a crazy long password for each site, and each of those are secured in the password vault via your fingerprint. On each site you give the vault app your fingerprint and it will blast in the unique password for you.

This is already possible on Android, and it way more practical than people making their own passwords.

This is how you lose fingers.

 

[poofyhairguy]

This is how you lose fingers.

 

[sdifox]

https://www.youtube.com/watch?v=DvqWlRBV81M

https://www.youtube.com/watch?v=CbM--4-z0cs


I'll stick with a password thank you very much.

 

[Nashemon]

Google changed their scheme so now all you have to do is hit Yes on the other side and it's done. Much easier than reading and punching in digits.

I had to deal with it today. It basically told me that if I'm doing it entirely from an Android phone, all it has to do is receive the text. I didn't even have to open the message app at all.

 

[poofyhairguy]

https://www.youtube.com/watch?v=DvqWlRBV81M

https://www.youtube.com/watch?v=CbM--4-z0cs

I see your 00's and 90's Sci Fi and raise you 80's Sci Fi: