IMPORTANT: An Extra Layer of Security - Comments Page 1
Posted by:
|
My biggest concern is using Facebook or Google for a two-step process of any kind. They already collect information on everything you do on their sites and now I'm going to allow them to be part of my two-step authentication?! I try to stay as far away from both of them as possible. I would love to see an alternative or two to these two. I understand the need for this process and even support it. I would simply like to have more choices for this. |
Posted by:
|
It is such a pain when traveling and Gmail or others don't recognize your IP address. Facebook is especially annoying, making you identify people in their pictures. I think I would rather risk it than be locked out of services I need when traveling internationally, which I do often. |
Posted by:
|
Have not heard of this till now. I think it is a very good idea with all the dishonest hackers out there trying to steal their way through life on our backs. Anything that puts a stop to them or slows them down I am all for. Thanks for the info. |
Posted by:
|
Phone and/or phone number? Great idea until your phone is lost/stolen or otherwise compromised and the acquiring party uses your password and acquired phone information (number) to gain access. A fingerprint, iris scan or similar with a biometric check, for live finger and/or eye, might be a better idea. |
Posted by:
|
I use 2FA where it has been offered to me and while it is an extra step I think it is well worth the extra protection. I am hoping that the sites where I already have a username and password will offer 2FA to me at some point with a pop-up prompt. I hate the thought of having to search out every website to see if it has 2FA. I am going to check out the site that you referenced in your article. I enjoyed this article as I do all of your articles and look forward to lots more. |
Posted by:
|
Thumb prints and retina scans are good ideas. But how can I prove who I am if I lose a thumb or my thumb is badly burned in an accident? |
Posted by:
|
I am a "Free" Lastpass user, don't have a smart phone, which leaves the "Grid". Print the grid and do what with it? Sending text to my feature phone is not an offered option. For me, Free Lastpass doesn't offer 2FA. Sad |
Posted by:
|
I have 2FA enabled on/for several of my online accounts, however, since I regularly clean my browser history and such, those sites don't recognize my computer and ask me to verify myself each time I login anyway. Obviously the "trust this computer" setting doesn't work in this case, at least for me. Apparently the cleanup I do is removing whatever file the 2FA these sites is wanting kept. Oh well. |
Posted by:
|
Excellent advice, Bob, as always. I activated 2FA a couple of years ago, after I was hacked. I had, mistakenly, thought that it would have been activated by default. It cost me hours of work at the time. I couldn't believe that Yahoo would allow someone in Nigeria to sign in and change all my settings and details. You live and learn! |
Posted by:
|
DiceWare PassPhrase also seems an interesting alternative as another layer of obfuscation. http://world.std.com/~reinhold/diceware.html |
Posted by:
|
@PgmrDude: |
Posted by:
|
I've been using 2 factor authentication for at least a decade. At work, we got SecurID (yes, that "e" between the "r" and the "I", that's how it's spelled), which gives us the "something you have" factor. When logging into our system you are presented with a screen asking for the number on the fob. You enter that in. Then you enter your password, 2nd factor. Then there is a screen which takes you to a screen where you enter in your PC's name, then you log in to your computer. At first it was a hassle but before that, we had a "calculator" which had a challenge response method. You connect, you get a number, enter that number with your own known passcode, then it calculates a number and you enter that in. Much better now. |
Posted by:
|
Hi Bob, here's a Canadian perspective. The Canadian Imperial Bank of Commerce (CIBC) does use 2FA, but limits the 2FA verification process to only certain types of transactions and queries such as changing passwords, "large" transactions, adding payees. I'm not sure why they chose this half-measure. Very puzzling. |
Posted by:
|
Have you heard of SQRL (Secure Quick Reliable Login)? It takes a different approach to authentication. See: http://sqrl.pl/blog/ https://www.grc.com/sqrl/sqrl.htm It seems like a really great idea but it hasn't gotten any traction in terms of implementations, although there is an Android (client) app at: https://play.google.com/store/apps/details?id=net.vrallev.android.sqrl |
Posted by:
|
I am a 78 year old neophyte and I'm afraid I don't understand any of this Mumbo Jumbo. I really enjoy your articles but a good deal of it passes right over my head. What do I do? |
Posted by:
|
I am a user of LastPass, I even have the Premium Account. I was surprised, when I read about the hacking attempt, at LastPass. Oh, there was some hacking, but, the layers that LastPass has for security, the hackers did not get any "sensitive" information. Thank goodness, for that. However, I honestly do think it is time, for LastPass to have Two-Factor Authorization, for the future. It really doesn't make any sense, not to ... Especially, in today's world of the hacker! |
Posted by:
|
Here in the UK, because of the use of banking smart cards, my bank issues a card reader. You can log in to your bank using one and a half factors, but if you actually want to do anything (set up direct debits/standing orders, pay moneys) then you insert your card into the reader, enter your PIN to unlock it, then enter a code from the bank to get a response code required to proceed. No mobiles (which I don't have). |
Posted by:
|
Another great article, Bob...thanks. My concern with biometric log in is what happens when authorized family or friends are trying to access the accounts of deceased individuals. Passwords can be stored securely with a will, but not biometrics. Is anything being done for this scenario? |
Posted by:
|
What happens with Google Authenticator when I get a new phone? Or worse still, have my phone stolen? |
Posted by:
|
I saw a few responses that refer to a hacker attack on LastPass. The solution to such attacks is to use a keyring application that encrypts and stores your sensitive information locally (on YOUR device), like Enpass does. Your information is NOT stored on any cloud service, unless you choose to sync to your PERSONAL cloud account (Dropbox, Google Drive, OneDrive, local cloud on a network, etc) - as opposed to something like LastPass' cloud storage, where there are obviously many keyrings to steal. The program is free for desktop/laptop computers, with a small one-time fee for phones. FYI, I am not affiliated with Enpass, other than being a satisfied user. |