|
The Off-Topic Lounge APPROPRIATE FAMILY-FRIENDLY TOPICS ONLY - READ THE RULES! This forum is for posting anything (excluding topics prohibited by the forum rules) that's unrelated to email. General discussions, in other words. |
|
Thread Tools |
6 Aug 2016, 03:03 AM | #1 |
The "e" in e-mail
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
|
Which Form of Two-Factor Authentication Should I Use?
|
22 Aug 2016, 09:38 PM | #2 |
Senior Member
Join Date: Dec 2014
Location: Central City
Posts: 162
|
I like e-mailed codes.
|
22 Aug 2016, 09:50 PM | #3 |
Essential Contributor
Join Date: Oct 2013
Posts: 413
|
An opensource app like freeotp is always the best.
|
23 Aug 2016, 09:58 AM | #4 |
Senior Member
Join Date: Dec 2014
Location: Central City
Posts: 162
|
|
23 Aug 2016, 10:58 AM | #5 |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
I have found that that the best form of 2FA to use is none at all!
When trying to get a local sim card to work, a couple of years ago (we were in the UK) we were forced to use 2FA to receive a code by text message. The text message never arrived and we were screwed (although I always carry a backup phone) 2FA is great when it is the choice of the user. When it is forced on you (and it does not work) it is an abomination. |
23 Aug 2016, 04:48 PM | #6 | |
Essential Contributor
Join Date: Oct 2013
Posts: 413
|
Quote:
|
|
1 Sep 2016, 08:52 AM | #7 |
The "e" in e-mail
Join Date: Jun 2004
Location: in between the bright lights and the far unlit unknown
Posts: 2,341
|
I would say SMS at first reaction. The idea of an emailed code confuses me ; wouldn't that come down to needing to check a code emailed to mailbox A before you can log in to mailbox B?
Also, if one is really suspicious, a mailbox is a virtual "posession" while a Phone is a physical one. I'd trust that more I think ; isn't the whole point of 2FA to have a code sent through a device no one else can possibly access? |
1 Sep 2016, 07:00 PM | #8 | |
Essential Contributor
Join Date: Oct 2013
Posts: 413
|
Quote:
Interesting: https://techcrunch.com/2016/07/25/ni...tication-over/ Last edited by jl66 : 1 Sep 2016 at 07:06 PM. |
|
1 Sep 2016, 08:09 PM | #9 | |
The "e" in e-mail
Join Date: Jun 2004
Location: in between the bright lights and the far unlit unknown
Posts: 2,341
|
Quote:
In any case, using an SMS for 2FA is still a lot more secure than not having 2FA at all, right? (the majority of people will not even use 2FA, since this is something only the ones savvy about security will be concerned about ... Most of my acquintances wouldn't even know what 2FA means) If one really wishes to play safe, a token is probably the best bet, but if you have a free account at a provider who offers 2FA (for example Gmail) it would be odd that they'd send you the token with it. And a token, being quite small in size, may be easier lost than a mobile Phone. The problem with 2FA seems exactly that: what you know you cannot lose, what you have can be lost and then you're locked out of your own email account. |
|
2 Sep 2016, 01:33 AM | #10 | |
Essential Contributor
Join Date: Oct 2013
Posts: 413
|
Quote:
|
|