Two Factor Authentication
Article for: Everyone
Difficulty: Moderate
Importance: Helps you assess your security risks

Although Two Factor Authentication (2FA) is all the rage, and is sometimes useful, its downsides are often overlooked.
What is 2FA?
2FA forces the person logging into an account to provide a second factor, beyond the password, to gain access. Normally it is something you know (a password) and something you have (a special device like a YubiKey or your phone). The hacker trying to get in needs both. However, they can spoof your phone, so though it helps, it is not the best method. You can sometimes use your email instead of the phone, and I prefer it. Often the account will place a cookie on your computer so you bypass the second factor if you are logging in from the same computer or IP address.
When is it useful?
These might not be the only places where 2FA is useful, but I can't think of any others. So, essentially, if you use a password safe and have good random passwords, and use a VPN (I recommend TunnelBear), then you might not gain any advantage from using 2FA in most places.
The 2FA downside
So why not just use it and get the added benefits? The problems with 2FA, especially to your phone, are these:
Mitigating the problems
I strongly recommend that you make sure your estate executor, sibling, trusted best friend, or spouse has the password to your password safe and can get into it. I not only have my password in a friend's password safe, but even send him an updated copy of my entire KeePass database quarterly. Be sure your PHONE password is in it. Be sure others can access your stuff in case of an emergency.
If you are using an email address for the 2nd factor, then it is better to have it outside your company. So, an email second factor to your personal account is better, if you are protecting against someone who has already breached your office server.
What I do
I do not use crappy passwords. Mine are usually 31 characters, using symbols, and random. I use a VPN when connecting via restaurants or motels. I don't do banking from a mobile device at all, and definitely wouldn't do it without a VPN. I don't have to log in to a potentially vulnerable office server. So, I normally avoid 2FA, and use my email instead of my phone when it is required.
Date: October 2019
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.