Using Popular Two-Factor Authentication - Leaves Fingerprints?

Discussion in 'privacy technology' started by anniew, Jun 15, 2015.

  1. anniew, Registered Member. Joined: Mar 15, 2013. Posts: 92
    This question came up today...

    For added security it seems reasonable (imperative?) to implement a two factor authentication (2FA) mechanism.

    Google, Microsoft, etc. have been out some time with their protocols. There are third party products like RSA, Yubikey that also can be used.

    From the point of view of minimizing one's online profile, does the use of these mechanisms leave a "fingerprint" that would associate the user to the various services in which 2FA was employed?

    Is one service superior in this regard (i.e. no fingerprints)?

    Don't know how this works and thought someone here would have some insight.

    Thanks.
     
  2. Techwiz, Registered Member. Joined: Jan 5, 2012. Posts: 539. Location: United States
    The obvious concern here is that a company like Google could link your online activity on a personal computer (i.e., IP address, websites visited, and your user name when you sign in) to your mobile device (i.e., mobile number, Google account used to set up your Android device, etc.). If you are really worried about this and you're an Android user, you might consider:
    • not connecting to your home network with your mobile device
    • not allowing cloud back-up in Android (as this saves your network information).
    • not using your main Google account to set up your Android smartphone, tablet, etc.
    Just signing into those accounts from your personal computer on your home network for one session and doing the same on a mobile device for another session is sufficient for them to link your computer, your home network, and mobile device together. Even if you sign out of applications on your mobile device, clear your browsing history, etc., the Google account, Apple ID, and mobile payment information used by your mobile device can be used to identify and trace you. Another area you might be overlooking is the switch to agnostic communication platforms for e-mail, etc. These platforms intelligently scan and sort through your e-mails for "user convenience". What is happening is they are automating the process of reading through your e-mails, so that they can offer users neat services like automatic face pinning in photos and other privacy nightmares. I don't think the companies doing this are necessarily evil, but you have a right to be concerned if you value your privacy. I've come to associate the terms: easy, quick, and convenient with red flag warnings about security and privacy.
     
  3. anniew, Registered Member. Joined: Mar 15, 2013. Posts: 92
    @Techwiz - thanks.

    Certainly, given what you said, it is a good argument to use a third-party authentication other than one of the biggies who already may collect a large amount of data. Using none at all or a home-grown solution has its own risks or problems, but is an option for those of us with the greatest concerns for privacy / anonymity.

    Was wondering how much of a finger/foot print it leaves?

    For example, Google's authenticator... does it only "know" that a given identity uses x application or service because of the associated request to authenticate? Or, does its "knowledge" extend beyond that, and gets to know the userid on that service, and/or potentially other information (e.g. browser info, OS, etc.)?
     