• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

2 Factor Authentication

Companies using my data are making mega money from me I won't be a slave for the sake of 'safety' and 'security'.
My guy, you do realize by just being here on gaf, you are contributing to google and ad-makers making money, right? Do you own a PC/laptop? Well guess what, windows already sends data automatically. Theres is nothing in this world that will protect your privacy unless you cut off completely from the internet and just live in the mountains.
 
My guy, you do realize by just being here on gaf, you are contributing to google and ad-makers making money, right? Do you own a PC/laptop? Well guess what, windows already sends data automatically. Theres is nothing in this world that will protect your privacy unless you cut off completely from the internet and just live in the mountains.
No shit. The difference is, I choose to be here voluntarily and I gain value and entertainment from doing it. Thus it is a mutually beneficial exchange. 2FA is not required and when forced I choose to avoid that game or app. You can bet your arse that if GAF forced 2fa I wouldn't be posting here.
 
No shit. The difference is, I choose to be here voluntarily and I gain value and entertainment from doing it. Thus it is a mutually beneficial exchange. 2FA is not required and when forced I choose to avoid that game or app. You can bet your arse that if GAF forced 2fa I wouldn't be posting here.
Is it not beneficial to use an app that you need or want for your entertainment or for gaining value? You make no sense. If an app at your job or future job, or a game app, that offers you entertainment or money, requires 2FA, is that not the same as coming to gaf and selling your data for entertainment? Cmon. You gotta admit, the tin foil hat is a bit strong here.
 

Rox598

Member
It’s not that complicated. It is just a bit of setup.

Once that is done the “app” is the something you have.

I use the iOS macOS app and it is cloud based and synced on my devices.


There are ways to back up both the app set up and most sites with 2fa have a way to save backup codes.

SIM spoofing isn’t hard and it basically makes SMS 2fa totally ineffective.



Backup codes exist and the cloud bases Authenticator apps are recoverable.

It’s a measure against all the data leaks. If your HN and PW leak from a rando website you are protected by 2fa. Also using unique passwords and aliases will help.

These days it’s best to assume all companies will eventually leak your data. All the security you can get is better than being an easy target.

See I've been told you can "backup" the app but so far I've only see that there are ways to sign into the app again if you need too but all the accounts are empty.

Again this was my experience a few years ago and haven't looked into it since but still use 2fa via SMS even though I know sim spoofing is something that happens.
 

Nitty_Grimes

Made a crappy phPBB forum once ... once.
My work has it set up so that we have to use MS Authenticator but it does it in such a way that we have to authenticate Teams, Outlook, Office, Sharepoint and OneDrive all separately. It can be very annoying.
 
I fucking hate 2FA.
To log into my CRA account (Canada Tax stuff) for example, I first log into my bank account because that is used as my login, which requires 2FA, so they send a text to my phone. Then it takes me to the CRA page, which also requires me getting a text to my phone.
You have to do this every time and can't opt out.

On my CRA account, it used to be set to send me a phone call where they would verbally give me a code that you enter in. Call never came, so I clicked resend code. Call never came again, so I clicked resend again. Oops now I am locked out of my account for requesting a code too many times.
This shit is so stupid.

Meanwhile if I log into my bank on my phone, I can just use my face ID and don't even need to enter a password, let alone get a code.

I skip the bank method using option #2. I do still need to verifty via text from CRA. Have to do a bunch of security questions, but you can save the device (browser) as a known trusted source.

llnBECp.jpg
 

GymWolf

Member
I use the 4 factors one where i have to send a pic of my asshole for precise recognition.

Hackers really need to have zero dignity to steal from me.
 
I did. Luckily I never kept my card saved or anything though, and Sony was able to recover my account and block the IP address from the Network!
Should've 'worded' it instead as if you changed it instantly after the incident came to light. Regardless, good.

Sony did a monumental mistake and stored sensitive data in cleartext. A massive dump of PSN credentials were accessible on Pastebin, for a short while until it got wiped, and other shady places.

I use the 4 factors one where i have to send a pic of my asshole for precise recognition.

Hackers really need to have zero dignity to steal from me.
Malicious hackers already have zero dignity. Your asshole wouldn't deter a persistent one. Especially, if compromising you was greatly beneficial.
 

GymWolf

Member
Should've 'worded' it instead as if you changed it instantly after the incident came to light. Regardless, good.

Sony did a monumental mistake and stored sensitive data in cleartext. A massive dump of PSN credentials were accessible on Pastebin, for a short while until it got wiped, and other shady places.


Malicious hackers already have zero dignity. Your asshole wouldn't deter a persistent one. Especially, if compromising you was greatly beneficial.
So it's true that hackers are assholes uh?
 

daveonezero

Member
This thread sure is something else.

I appreciate some of the more outlandish posts. They reaffirm my belief in CyberSec & IAM job security :)

Right.

For the other naysayers and privacy concerns yes there is a finger printing risk but unless you are looking at your threat model to be completely anonymous the best security practices still apply even at the cost of a little anonymity.

Privacy/anonymity and security are not the same.

2fa is pretty low risk and ata high security. It’s the 2nd step after using a password manager.
See I've been told you can "backup" the app but so far I've only see that there are ways to sign into the app again if you need to but all the accounts are empty.

Again this was my experience a few years ago and haven't looked into it since but still use 2fa via SMS even though I know sim spoofing is something that happens.
I use OTP Auth on iOS. You can backup the file locally or iCloud sync.

Load up the file on a backup device and you have the codes for each account.

One time passwords are running an open standard.
 
Top Bottom