Two-factor authentication: What you need to know (FAQ)

I use two way authentication in most of my important accounts.

 

There goes your anonymity.

I hope this does not become a common thing, or I'm just gonna have to stop creating accounts to websites all together.

 

Personally I prefer authenticator applications like Microsoft recently (finally) introduced for Microsoft accounts. But I don't see where the anonymity is being lost, a phone number is as anonymous as an IP address.

 

Your account is associated with your phone number so if your number is tied to your name or location which it is if you use that same phone for daily life. Let's say everyone website is using this new security and you have to give your phone number for a website, let's say BustyAsianBeautys.com. Now your account here is linked to your phone and data mining companies will put all this information together "they will", and thus you go on the record forever as psychologically perverted and you will see suggestive items pop up on your computer browser and amazon account which will be tied to your IP.

Your IP is as good as your name.
Your Phone Number is as good as your name.
The Internet never forgets.

 

You kind of proved my point by referring to the IP address. It's the exact same thing as navigating to a site. IP addresses aren't private, neither are phone numbers - they can both be randomly guessed.

 

I think phone numbers and IP Addresses are substantially different. Roughly...

Phone Numbers: Static assignments, very inconvenient to change, in countless databases along with personal and personally identifiable information, heavy selling, affiliate or joint marketing agreement exchanging, etc of such databases (at least in the US), so forth. If a company can acquire your phone number it stands a good to guaranteed chance of being able to lookup your personal information and probably far more.

IP Addresses: Sometimes static but frequently not for residential customers, often very easy to change, can also be temporarily changed via anonymous proxies, in countless logs and probably in some databases along with personal info, but due to IP Address assignments so frequently changing and ISPs normally not selling IP Address assignment information, they *should* be a significantly less reliable means of acquiring more information about the user.

The key point to remember is that many people (should!) want to use various Internet resources without exposing their identity... without giving those Internet companies a reliable means of *appending* information. In such situations, giving out your phone number is extremely unwise. In general at least. One must consider other ways in which they might be compromising their identity and info.

 

IP can be masked by Proxy or VPN very easy, doing the same with mobile phones is much harder. Hence why the whole thing is coming into practice as a breach of everyone's privacy. Example number one would be Gmail requiring you to give a mobile phone number when you sign up now in most countries. Once you do this your phone number your identity all your Google searches your buying and selling history on almost all websites. Now even when you use a VPN if your logged into Google, Google still knows, Google still follows, and Google still judges.

 

Agree. I would not use SMS 2FA for any accounts I wanted anonymity with.

PD

 

Also, these days a phone number is generally tied to one person only. IP addresses are usually shared among people in the household.

 

I think one of the best, and most anonymous 2 factor ID methods I've seen is being used in LastPass. They generate a grid with letters and numbers at different coordinates. You print out the grid, and whenever you log in to LastPass, they ask for your password as well as the letters/numbers at a certain grid coordinate. Perfect system for anonymity.

 

Good tip, thanks.

PD