LastPass is in the midst of a major outage

[ForgottenSeer 823865]

Do you use 2FA on every site? I don't.

I do when available, especially those containing sensitive infos like passwords...password managers sites/apps are those where 2FA are the most important.
If you don't then this is your fault if you are compromised, you avoided using a strong security feature for convenience.

 

[TairikuOkami]

People do not realize, that 2FA is also a great way to loose access to an account, I learnt it the hard way. I avoid it whenever possible. Besides 2FA is only secure when using an email, not an easily compromised SMS verification, that is being slowly abandoned in the favor of app verifications.

German banks refuse to support authorization by one-time SMS-code - Adware Guru

Several German banks have announced plans to abandon the use of one-time SMS passwords as a method of authorization and transaction confirmation. The reason for the refusal of one-time SMS passwords is the new EU legislation, which will come into full force on September 14, 2019. Handelsblatt...

adware.guru

 

[ForgottenSeer 823865]

People do not realize, that 2FA is also a great way to loose access to an account, I learnt it the hard way. I avoid it whenever possible. Besides 2FA is only secure when using an email, not an easily compromised SMS verification, that is being slowly abandoned in the favor of app verifications.

German banks refuse to support authorization by one-time SMS-code - Adware Guru

Several German banks have announced plans to abandon the use of one-time SMS passwords as a method of authorization and transaction confirmation. The reason for the refusal of one-time SMS passwords is the new EU legislation, which will come into full force on September 14, 2019. Handelsblatt...

adware.guru

2FA isnt only sms verification. Could be, as you mentioned, via app, email, etc...
Usually when you activate 2FA, the system give you backup codes, so it shouldnt be a concern.

 

[amir 957]

Thank God i switched to Bitwarden as soon as i heard about it
i still prefer Dashlane over Lastpass, much better

 

[Brye]

I tryed using LastPass a long time ago but after a while I got tired of it and went back to writing the passwords on paper and storing it in a safe place. I haven't missed it ever since!

 

[TairikuOkami]

2FA isnt only sms verification. Could be, as you mentioned, via app, email, etc...
Usually when you activate 2FA, the system give you backup codes, so it shouldnt be a concern.

The problem is, people think, that if they forget it, they will just receive an email/SMS, but they will need to provide 2 means of a verification. My password manager got corrupted as well as backups, so I had no passwords, no emails and no recovery codes. Talk about a catastrophic failure.

 

[shmu26]

The problem is, people think, that if they forget it, they will just receive an email/SMS, but they will need to provide 2 means of a verification. My password manager got corrupted as well as backups, so I had no passwords, no emails and no recovery codes. Talk about a catastrophic failure.

The bigger they are, the harder they fall. Yes, that is catastrophic.

I personally dislike 2FA, it's too much hassle and delay and complications. I have an American bank account that won't even let me view my bank account without a code sent by SMS. However, since I am overseas, their system might send me the SMS an hour later, or never. Luckily, I can opt for a voice call, which usually works (if I have cell reception!).

 

[TairikuOkami]

However, since I am overseas, their system might send me the SMS an hour later, or never.

That does not sound like a good bank. I have a bank in other country and I receive SMS ASAP, as well as from Facebook, Google, Discord or Russia.

It is long past due to transition to hardware and biometric-based logins.

Biometrics sounds great, but that is also just a password, but it is a password, you can never change, fingerprints or eyes are usually for life.

 

[shmu26]

That does not sound like a good bank. I have a bank in other country and I receive SMS ASAP, as well as from Facebook, Google, Discord or Russia.

Biometrics sounds great, but that is also just a password, but it is a password, you can never change, fingerprints or eyes are usually for life.

It's a terrible bank, but since I hardly use it, I didn't bother changing.

And fingerprints are also easy to steal, unfortunately. A good photograph is enough for a hacker to steal your fingerprint, or a glass cup that you picked up. I don't think they hacked eyes yet, but it should not take too long, if it would be profitable.

 

[ForgottenSeer 823865]

And fingerprints are also easy to steal, unfortunately. A good photograph is enough for a hacker to steal your fingerprint, or a glass cup that you picked up. I don't think they hacked eyes yet, but it should not take too long, if it would be profitable.

come on...you watch to much spy movies...who will go through the hassle to do that, i want your money, i go kidnap your wife/kid or put a gun at her head while you do the transfer to some bitcoin account...

 

[shmu26]

come on...you watch to much spy movies...who will go through the hassle to do that, i want you money, i go kidnap your wife/kid or put a gun at her head while you do the transfer to some bitcoin account...

They hacked Angela Merkel's fingerprint, Chancellor of Germany, just from a media photograph. And I didn't need to watch a good spy movie to know that.

German minister fingered as hacker 'steals' her thumbprint from a PHOTO

Merkel's iris print could be next

www.theregister.co.uk

 

[TairikuOkami]

They hacked Angela Merkel's fingerprint, Chancellor of Germany, just from a media photograph.

You do not even need to steal a real fingerprint. Biometrics is stored as a hash, because a computer has to compare it to something. A hack will do.

 

[Divine_Barakah]

People do not realize, that 2FA is also a great way to loose access to an account, I learnt it the hard way. I avoid it whenever possible. Besides 2FA is only secure when using an email, not an easily compromised SMS verification, that is being slowly abandoned in the favor of app verifications.

German banks refuse to support authorization by one-time SMS-code - Adware Guru

Several German banks have announced plans to abandon the use of one-time SMS passwords as a method of authorization and transaction confirmation. The reason for the refusal of one-time SMS passwords is the new EU legislation, which will come into full force on September 14, 2019. Handelsblatt...

adware.guru

You've got a point here. Personally I scan 2FA QR Code with Enpass Password Manager and then withy Authy (as a plan B). Most websites give you a list of Backup Codes in case you lose access to your OTP generator. I do not print them usually, but I print the most important ones like Gmail.

 

[shmu26]

They are working on embedded micro-chips (as in embedded in your flesh) as well as DNA-based authentication.

And guess what ? You're gonna have to register with your local security services to activate those types of authentication so as to get a "digital" passport to use digital services. Oh yes. It is coming.

I don't want to undergo minor surgery every time the chip gets corrupted or the data gets compromised or they decide to change security requirements.

 

[shmu26]

I'm betting they're sorting all of the out now. Plus, governments of the future aren't going to give you the option to opt-out. The digital world is changing everything - especially notions of privacy, anonymity, government tracking and fundamental rights.

If the government thinks they can require citizens to implant a chip in order to buy food or pay bills or receive basic services, then they better take another look at the Constitution. No politician who even talks about such a requirement will get re-elected.

 

[Divine_Barakah]

Authenticator 2FA is a huge liability for time-sensitive financial accounts. Just go ahead and lose your phone or run into a problem where you cannot use the authenticator app - meanwhile the markets are volatile and moving fast. Customer support at any financial institution or exchange will tell you "you have to recover your account and that take a minimum of 4 days." By the time you get your account back you most likely will lose money while you were locked-out.

Exchanges, for example, will not accept seed codes because they figure that they could have been stolen.

That is why emerging authentication using hardware and biometrics is the best balance of security and little chance of account lockout.

Authy lets you sync your 2FA keys across devices. I have set a password to encrypt Authy backup and this password is printed and stored safely in my room. I believe what I am doing makes a very little chance to lose access to my accounts. It is now part of my security routine if I may say that. I do not have access to sophisticated hardware authentication in my country.

 

[shmu26]

Notions are changing. And the Constitution won't prevent any of it. The FBI needs no warrant to hack you or any of your digital devices. The US Supreme Court ruled that almost 20 years ago.

Technology is changing society and the laws governing the world need to change to reflect the technological realities.

You are registered with the government the day you are born, right ? Been like that going back literally hundreds of years. A chip implant with a diameter no greater than that of a standard diabetic needle will be widely accepted by the population if it gives them some benefit. Mark my words. Perhaps not in your lifetime, but all of this sort of thing is coming.

Maybe 19-year-olds think it's cool to have a chip implanted in them, but ask their parents about it. Reminds me of concentration camp inmates with tattoo numbers on their arm. I guess we will see what happens. I can't deny that concepts are changing.

 

[shmu26]

China has already openly stated that it is going to use blockchain to register and track every single one of the nation's citizens.

Everyone is trackable using a paper system. Technology only makes that process much more effective, efficient and speedy.

It is typical for China to do something like that, and that's exactly the difference between China and Western democratic countries. But I am drifting off into politics, and soon I will dabble in religion. I try not to talk about religion on forums, lol. So I concede your point as a possibility for the future (when people who think like me are not around...)

 

[Divine_Barakah]

You are smart. Most people only have a single device and if they have more they don't sync.

In this day and age, one smart phone is not enough - especially if you are an online trader or there is a critical need to have guaranteed access. One has to have a readily available backup device to ensure continuity of access in case of unforeseen problems.

You don't need to have more than one smart phone to sync your 2FA keys. Authy supports Windows, Mac and even comes as a Chrome app. I have installed it on my Desktops and Laptops, enabled backup and have chosen a 30-digit very complicated password. The windows program is also protected with a master password. Many people might question the security of Authy (as your data is synced to the cloud) but come on, I will take my chance rather than risking being locked out of my 2FA stored in Google Authenticator (which does not offer sync functionality) for example.

 

[Divine_Barakah]

Yes. Of course you are right. I didn't explain I was talking about an phone nomad.

I don't carry a laptop with me. So there's a second backup phone in the auto glove compartment with an Anker battery.

You know, alternatively one can print the 2FA QR codes and store them somewhere safe. It is not a big deal. But I am pretty sure that using a password as the only line of defence is not sufficient. I guess the 2FA keys are store on the website's servers right? they might also get hacked?