A hacker compromised several Reddit accounts to prove it needs 2FA

Discussion in 'other security issues & news' started by Minimalist, May 14, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
  2. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    772
    Location:
    UK
    for 2FA, it needs to be something that doesnt cause too much hassle to the end user, e.g. I dont want to have to unlock my phone, connect it to wifi/4g (if not already connected), load an app, and then key in some code just to login to a forum, its excessive.

    I would support something like a login key that's stored in my browser and sent automatically when required, akin to SSH keys. Startssl use login keys.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You don't need WiFi/4G if you setup something like Google Authenticator right. And I always use my smartwatch for that.

    ...Basically a second password that is stored along with cookies within your browser? I wouldn't find it as convenient myself, but whatever floats your boat.

    TBH, I'm thinking of switching back to texts cause I have unlimited and it would notify me whenever someone has the right password...
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,035
    Location:
    The Netherlands
    I know what you mean, 2FA is good for security, but in certain cases it can be annoying. For example, certain banks and brokers ask for a code for every single transaction, that's overkill to me. Plus I also don't like to use my cellphone, I rather use a hardware or software token, that's tied to a single machine.
     
Loading...