New Update Proton launches free standalone cross-platform Authenticator app

Military-level 💂‍♂️
More or less. I believe there are people more important than me who don't use MFA, they just use passwords, and simple ones at that. And do you know anyone in my family who uses MFA? No one does, believe it or not, only I use MFA. 99% of my accounts are protected by MFA, access keys and also YubiKey. My family members must have accounts protected by MFA because I activated it lol. :)
 
More or less. I believe there are people more important than me who don't use MFA, they just use passwords, and simple ones at that. And do you know anyone in my family who uses MFA? No one does, believe it or not, only I use MFA. 99% of my accounts are protected by MFA, access keys and also YubiKey. My family members must have accounts protected by MFA because I activated it lol. :)
I was using sms 2fa for some accounts before; after finding no one is trying to hack me, I stopped, especially as I have read sms 2fa is not that secure and can be circumvented, although I do not get the exact mechanism to do so.
 
I only recommend that people use MFA with a time-based authenticator if you back up your data. If you don't back up your data and uninstall the app, and also run the risk of losing your backup, I don't recommend activating MFA, otherwise you'll have a bigger headache trying to recover your accounts, as they will be locked and you will lose access to them. ;)
I was using sms 2fa for some accounts before; after finding no one is trying to hack me, I stopped, especially as I have read sms 2fa is not that secure and can be circumvented, although I do not get the exact mechanism to do so.
Yes, it is indeed unsafe to use SMS-based MFA. The most commonly used method by attackers is SIM swapping, which is a technique used by attackers to take control of your phone number. There are other methods, such as attacks on the Signalling System 7 (SS7) and social engineering. (y)
 
I only recommend that people use MFA with a time-based authenticator if you back up your data. If you don't back up your data and uninstall the app, and also run the risk of losing your backup, I don't recommend activating MFA, otherwise you'll have a bigger headache trying to recover your accounts, as they will be locked and you will lose access to them. ;)

Yes, it is indeed unsafe to use SMS-based MFA. The most commonly used method by attackers is SIM swapping, which is a technique used by attackers to take control of your phone number. There are other methods, such as attacks on the Signalling System 7 (SS7) and social engineering. (y)
The attacker will find my e-mail inbox empty, my social media account with no friends, and will obviously add me to charity lists when they find out my bank balance 🥲
 
The attacker will find my e-mail inbox empty, my social media account with no friends, and will obviously add me to charity lists when they find out my bank balance 🥲
Don't you use KeepassXC? If you do, it has MFA, although I don't recommend putting all your eggs in one basket. If you keep it offline and a copy on a memory card, you can activate MFA without any problems on any account, and you'll be safer and better off than not having MFA, and KeepassXC still works offline. Try it out one day, it's not rocket science. :)
 
I did not declare their uselessness; they are just inconvenient, especially for less tech acquainted users, and for diseased users like me 🤕
Inconvenient? You do know that you're not required to enter a 2FA code every single time you sign in? If you're signing in from the same device you were signed in before, you just need to enter the password. 2FA codes are only used in cases when the website doesn't recognize a new device or IP address. For the rest, just the password is used.
Yes, but I also have backups elsewhere, such as on a memory card encrypted with a different password from the main backup, I have a backup on my offline KeePass on another USB stick, and I have an extra battery for my device in case it no longer holds a charge. As it has an AMOLED screen and I only use it for MFA and don't use the device all the time, the battery lasts a week. It would be very unfortunate if I had problems all at once and, for some reason, also lost the backup. It is always better to be safe than sorry. So, the backup saves my skin in these situations. The backup file is small and then you just import it into Aegis on another device and it takes less than 5 minutes to send the file via Bluetooth and that's it, imported into Aegis and back up and running on another device, without any effort or internet access because I save the apk apps on my memory card so I don't need access to the store to install them. I'm not stupid, I take a lot of precautions when it comes to backup. The only thing I can't forget or lose is my master password. Other than that, everything is safe and backed up with encryption. ;)
You didn't store the backup of the backup of the backup somewhere deep in the mountains of Switzerland?????????????

Well... I'm not that paranoid because I use multiple ways of verification for my accounts; e-mail, phone, 2FA codes, backup codes, device verification and such. Even if I lose the access to 2FA, I could still sign in without any problem to my accounts. You're doing exactly the same I did before, until I actually found my peace and realized that no one is going after me and there's no need for having backup of backup of backup of backup spread across 10 different cloud services. Same goes for my PC security config; I used to use a million 3rd party security tools; after I realized that they just sit in the background doing nothing except using system resources, I just got rid of them all and left just default antivirus and firewall. 0 problems. 🙂
 
I went from Microsoft Authenticator to Ente Auth recently, Happy so far. I can still authenticate Microsoft Apps on my phone with prompts from Outlook which is installed on my Android phone.
I am intrigued by the Proton offering though, and will keep an eye on this thread.
 
This one intrigues me. I'm currently using Ente Auth as I needed something that has apps for Windows, Android, Linux as well as cloud backup like Authy. Ente felt like the best option at that time. Already using Proton Pass so as @Jonny Quest said, not putting all in the same basket is probably a good idea. Happy with Ente Auth for now.

Talking about not putting all in the same basket, when I imported my passwords from my KeePassXC to Proton Pass, most of my 2FA codes which were also stored in KeePassXC were imported into my Proton Pass. Storing 2FA codes in Proton Pass is a paid feature yet the importing feature unintentionally made this feature free for me. It spoiled me how I never have to open my 2FA app. After entering password through the Proton Pass extension, it automatically shows me a popup with the 2FA code and there's a fill in button in it. On Android, the 2FA code is automatically shown on top of my G-Board which I just need to tap to fill.
I cannot manually add any more 2FA in the free version, but this feels like a bug in their service. It should not import 2FA codes in the free version.
I should contact their support to inform them about it (they should be aware of it already) and ask them to remove my 2FA codes from Proton Pass if possible, but I've been too lazy to do that 😶
 
I like the Proton authenticator. It's very clean and easy to use. I switched from Aegis to this, and switching was very easy.
I haven't visited the Proton site yet, so does Proton auth app import already saved 2fa data from other apps...?? Last time I looked at switching apps, importing data was problematic iirc
PS just read @SeriousHoax post... good info
 
this feels like a bug in their service
I like when corporate bugs get exploited
 
I haven't visited the Proton site yet, so does Proton auth app import already saved 2fa data from other apps...?? Last time I looked at switching apps, importing data was problematic iirc
PS just read @SeriousHoax post... good info
Check out the thumbnail image on my post, and see if that helps answer your question.


 
Check out the thumbnail image on my post, and see if that helps answer your question.


Thanks, "Easily import your existing codes..." I'll try it and see if it works for me
 
I haven't visited the Proton site yet, so does Proton auth app import already saved 2fa data from other apps...?? Last time I looked at switching apps, importing data was problematic iirc
PS just read @SeriousHoax post... good info

I had no problem. I just exported the encrypted json, then imported it into Proton. I had no issues at all.
 
You didn't store the backup of the backup of the backup somewhere deep in the mountains of Switzerland?????????????
Yes, in the mountains of Switzerland on the border with Italy, from here I can see the whole landscape and admire it. :LOL:
Well... I'm not that paranoid
BTW, at no point did I say that you are paranoid. If you are referring to me as a paranoid user, no problem, I don't sweat it, let it roll, I don't care. (y)
because I use multiple ways of verification for my accounts; e-mail, phone, 2FA codes, backup codes, device verification and such. Even if I lose the access to 2FA, I could still sign in without any problem to my accounts. You're doing exactly the same I did before, until I actually found my peace and realized that no one is going after me and there's no need for having backup of backup of backup of backup spread across 10 different cloud services. Same goes for my PC security config; I used to use a million 3rd party security tools; after I realized that they just sit in the background doing nothing except using system resources, I just got rid of them all and left just default antivirus and firewall. 0 problems. 🙂
So, you use a different form of verification than I do. I use MFA, access keys, and YubiKey for all accounts that accept security keys, and I use the Advanced Protection Programme for all my Google accounts. I have backup codes, but I've never needed to use them. I don't usually leave sessions open and save cookies in the browsers I use. For most services, I open my email account or other service in a new private window, so every time I log in, I need to enter the MFA token again or touch my YubiKey with my finger to access my account. I'm not too lazy to pick up my phone and see which token I'm going to enter. Yes, now I'm more relaxed about backup because I have a lifetime licence for Proton Pass, which I bought a few years ago when the product was launched. I don't have any security issues. When I installed two AVs at the same time and other tools, it was just out of curiosity on my part. :)
 
BTW, at no point did I say that you are paranoid. If you are referring to me as a paranoid user, no problem, I don't sweat it, let it roll, I don't care.
No hard feelings, but this is paranoid behavior. Keeping backup on 100 different locations and backups of backups on another 100 locations. It's just too much. I'm not saying you're doing it, it's just hyperbole.

All you need is a phone with 2FA and multiple ways of identity verification (e-mail, 2FA code, phone number, security key etc.). You don't need to store 2FA codes on other phones, backed up to three cloud service providers with decryption keys buried somewhere underground. If you lose 2FA code, you still have e-mail. If you lose 2FA code and e-mail, you still have phone number. If it happens that you lose 2FA code, e-mail, phone number (extremely unlikely), you still have security key. There's no need for a huge amount of backups.

I would know because I was keeping backups on 5 different cloud services when I was a kid as I thought there are increased chances of me being hacked. Then I realized I don't need to do that because average boring people aren't the target for these attacks.
For most services, I open my email account or other service in a new private window, so every time I log in, I need to enter the MFA token again or touch my YubiKey with my finger to access my account. I'm not too lazy to pick up my phone and see which token I'm going to enter.
See? This is what I'm talking about. This is paranoid behavior. Always using a private window and signing in again and again because you're afraid of cookie theft. No doubt cookie theft exists and there were attacks like this, but take a look who was the victim and how they were hacked. It's really important to see how exactly they were infected so you won't make their mistake.

Linus Tech Tips was a victim of cookie theft. Their employee opened a malicious attachment and it stole their cookies. But Linus isn't just an average person; he is a famous person running a famous company. Hence the reason why they were hacked multiple times. He wasn't the only one, many celebrities were hacked too, even Elon Musk.

You really don't have a reason to worry about getting hacked. If you're taking precautions (don't visit shady sites, download suspicious programs, have AV/Firewall, never open suspicious attachments,...), chances of you getting hacked are equal to zero.
I like to be paranoid, just too fatigued to do so 😟
Maybe it's better it stays that way. I know people that were so paranoid they had a lot of security software installed which ultimately helped them get infected/hacked. The more software/services you use, the greater are chances of getting infected/hacked. No software/service is immune to bugs and by using a lot of them, you're essentially opening more ways for them to get you.
 
You really don't have a reason to worry about getting hacked. If you're taking precautions (don't visit shady sites, download suspicious programs, have AV/Firewall, never open suspicious attachments,...), chances of you getting hacked are equal to zero.
You're absolutely right. Thanks (y) If people are celebrities, they don't worry so much about it, so why am I, an ordinary person, so concerned about MFA? Paranoid? Maybe it's the placebo effect? Maybe both at the same time. Don't worry, this month I'll clean up the extras and rest my head, literally speaking, of course. :)
 
You're absolutely right. Thanks (y) If people are celebrities, they don't worry so much about it, so why am I, an ordinary person, so concerned about MFA? Paranoid? Maybe it's the placebo effect? Maybe both at the same time. Don't worry, this month I'll clean up the extras and rest my head, literally speaking, of course. :)
I'm truly sorry if I offended you in any way, that really wasn't my intention. My intention was to show you (and others) there's really no need for doing so many backups. If anything, saving data on multiple locations can make you more vulnerable to any data leak. Same goes for using multiple security software (which I saw some of members here use); more software = more security bugs.

We should all keep our PCs and online accounts safe. What we shouldn't do is lose our heads with hypothetical scenarios that would (or could) never happen. If we constantly think negative thoughts and made up scenarios (like what ifs), we live in constant fear. And I don't know about anyone here, I like to live my life care-free, without thinking about stuff that is out of my control.

Yes, I know... I'm getting on the nerves of God and devil saying here how there are tiny chances of any of us getting hacked. But it's the truth. Anyone not believing this should just ask themselves:
when was the last time I heard someone was seriously hacked?
when was the last time I heard someone lost access to all of their online accounts?
when was the last time I heard someone had all of their bank accounts emptied?
when was the last time I heard someone was hacked through 0-day exploit?

We came a long way regarding security and hackers eventually gave up on targeting individuals because there are bigger fish in the pond. I'm not kidding; ransomware used to target everyone. Today it almost exclusively targets businesses, as hackers realized we, average people, don't care if we lose something; no one will pay them. Same attitude can't apply to businesses which, if they don't have a backup, have no other options than pay.

I personally haven't seen malware for more than 10 years for sure, maybe even longer. I never had any of my online accounts broken into or any of my data leaked (I don't count my spam e-mail address whose purpose is exactly this). And I believe my philosophy took a huge part here.
 
