2 Factor Authentication: Is what I have enough?

Discussion in 'other software & services' started by chinook9, May 29, 2016.

  1. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    444
    I recently learned of LastPass Authenticator and I read up on it and other similar 2FA apps (especially Authy). Initially, I thought I should use one of these 2FA apps, but I just realized, because I only use "trusted" PCs, I probably would not use the 2FA app.

    Wherever (LastPass, Hotmail, G-Mail) I would use a 2FA app, I use a PC that has already been designated as "trusted" on these sites. I don't think the 2FA app would ever get used. Am I missing anything?
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,446
    Location:
    Slovenia
    It will give you additional protection if your login data gets compromised. Somebody trying to login with your credentials wouldn't be able without 2FA token. So you won't be using it all the time but will still get extra protection.
     
  3. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
  4. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    444
    Thank you both for your responses. I plan to pilot test 2FA, using Authy, on one of my e-mail accounts and go from there.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    BTW, I have a question. Certain sites will let you sign in via Google Authenticator which works via smartphone. But there are also certain desktop tools available so that you won't have to use your phone. My question is, will for example a tool like Authy for desktop work with sign in codes that are generated for Google Authenticator? I'm completely new to this.

    https://www.androidauthority.com/best-two-factor-authenticator-apps-904743/
    https://authy.com/blog/introducing-authy-for-your-personal-computer/
     
  6. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,112
    If the site uses the TOTP (Time-based One-Time Password) protocol you should be fine.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    Can you explain it a bit more, how to figure this out? All I know is that these sites will send a code to the Google Authenticator app, and there are certain extensions who can also receive these codes, but I prefer to use Authy since it's also available on the desktop, while Google Authenticator is not. And I'm not sure if you can trust these extensions, so it's tricky stuff.
     
  8. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,112
    When you set up 2FA just try to add the shared secret (either a QR code or string) in both Authy and Google Authenticator.

    If they then generate the same 6 digit code (every 30 seconds) you can use Authy instead of Google Authenticator.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    OK thanks, will check it out. And what is your opinion about WinAuth, perhaps this is a better option?

    https://winauth.github.io/winauth/index.html
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    BTW, I see that 1Password also works with Authy. I still need to test both Authy and WinAuth, perhaps I can use them both. I'm also planning to buy a YubiKey to protect stuff like Instagram, Gmail, Yahoo Mail and Google Drive. The reason why I wasn't using 2FA on many sites is because of the smartphone requirement, I freaking hate it. So this stuff should fix it.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.