A hacker compromised several Reddit accounts to prove it needs 2FA

Discussion in 'other security issues & news' started by Minimalist, May 14, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  2. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    for 2FA, it needs to be something that doesnt cause too much hassle to the end user, e.g. I dont want to have to unlock my phone, connect it to wifi/4g (if not already connected), load an app, and then key in some code just to login to a forum, its excessive.

    I would support something like a login key that's stored in my browser and sent automatically when required, akin to SSH keys. Startssl use login keys.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    You don't need WiFi/4G if you setup something like Google Authenticator right. And I always use my smartwatch for that.

    ...Basically a second password that is stored along with cookies within your browser? I wouldn't find it as convenient myself, but whatever floats your boat.

    TBH, I'm thinking of switching back to texts cause I have unlimited and it would notify me whenever someone has the right password...
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I know what you mean, 2FA is good for security, but in certain cases it can be annoying. For example, certain banks and brokers ask for a code for every single transaction, that's overkill to me. Plus I also don't like to use my cellphone, I rather use a hardware or software token, that's tied to a single machine.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.