Trouble in Paradise as Cyber Attackers Circumvent 2FA

Discussion in 'privacy technology' started by ronjor, Sep 14, 2017.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    60,865
    Location:
    Texas
    By Markus Jakobsson on September 14, 2017
     
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,329
    Location:
    UK
    Not all 2FA is equal. Everyone knows SMS (and biometrics) is a disaster area.

    Yet the adoption of the cheap and relatively privacy friendly U2F dongle (Fido, which is not just Google), has been glacial in the market. And the reason for this is that the corporates desperately want your mobile phone number and hopefully face-print and finger-print, because they then "have" you. With a U2F dongle they don't - who cares that their schemes are inadequate because they don't get hit with sufficient liability claims.
     
  3. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    875
    When you turn a new iphone on for the first time it is like being arrested.
    Put your thumb here. Turn your thumb this way turn your thumb that way.
    Hold the phone while it takes your picture.
    Speak this phrase into the phone so it can collect your voice sample.
    Its almost funny, but not.
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,821

    U2F all the way!
     
  5. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,816
    Location:
    US
    I use Yubikey.
     
Loading...