Just displacing a secret?

Story: Secure Your Online Accounts With 2FA And Open Source
Total Replies: 2
nmset

Aug 31, 2020
3:37 AM EDT
For passwords, the author says "even if the accounts’ passwords fall to their hands".

For the second factor: "a “backup code”. It is very important that you store this code and keep it somewhere safe".

This backup code may well fall into the hands of a third party. Why would average Tom do better with a backup code than with a password? I agree that the backup code won't be typed in by average Tom every day.

This mechanism is widely accepted today by big organizations. Is it really for individual protection? Is it for more control given to big organizations? Namely Google here via its Authenticator? What do you think?
Bob_Mesibov

Aug 31, 2020
4:21 AM EDT
Many large organisations (like banks) insist on SMS for 2FA (like for internet banking). Those of us who don't have a mobile phone can't see why we should spend money (on a phone and a data plan) to suit this version of 2FA. There's a compilation of MFA alternatives and organisations that use them here: https://twofactorauth.org.

Besides or instead of SMS, some organisations use an automated phone call, hardware or software tokens, or email. The email option is easy (I log in to GitHub with it) and doesn't add another cost to 2FA.

When I asked for email 2FA at my wife's bank (which is now insisting on 2FA when new contacts are added for direct deposits), I was told "Sorry, our system uses SMS. Is there somebody you know with a mobile phone who would be willing to receive your 2FA code as a SMS?" !!!!!
jdixon

Aug 31, 2020
10:52 AM EDT
> When I asked for email 2FA at my wife's bank (which is now insisting on 2FA when new contacts are added for direct deposits), I was told "Sorry, our system uses SMS.

Sounds like it's time for a new bank. Not everyone has cell phone coverage at their home.
