2 factor ID?

Thanks for the tip. That's not crude, that's genius :).

I don't have the old QR code for the token of my old phone, but what I may do, instead of using Authy, is use the print and save method and use FreeOTP. I like FreeOTP for the simplicity, plus it's open source too.
 
Printing the QR codes seems inconvenient to some, but remember that security and convenience are two ends of the same seesaw. When one goes up the other goes down.

In most cases, more convenience increases the attack surface of the system. That's why it's not a good idea to let one's password manager also handle 2FA. I want them totally separate so if one is compromised the other is not.
 
Does anyone use both Mint and two-factor-authentication on, say, their Vanguard or banking sites? I can't see how that would work.

I have 2FA at Fidelity, which uses the VIP Access app on my Android smartphone. I don't know about Mint, but when I log in to Personal Capital, it asks for the 6-digit code, same as if I was logging in to Fidelity.

But if you were using an account aggregator site to automatically log on for you and send push reports or some similar functionality, obviously that would not work if you have 2FA at your financial institutions.
 
Printing the QR codes seems inconvenient to some, but remember that security and convenience are two ends of the same seesaw. When one goes up the other goes down.

In most cases, more convenience increases the attack surface of the system. That's why it's not a good idea to let one's password manager also handle 2FA. I want them totally separate so if one is compromised the other is not.


I like the printed method. The manual process I feel puts me in control.

I scanned the QR for TeamViewer 2FA. Saved a paper copy of the QR in a folder along with a digital copy of the QR on a CD-RW.

I'm back in the game :dance:.
 
2FA Only Works Half-Way for My Email

Over the weekend, I've been tightening up access to my accounts with 2FA.

My latest hobby is now collecting QR codes, as I have five accounts set up now in an authenticator app.

However, I ran into an instance with SMS 2FA where the result is only half working. I turned on 2FA for my Comcast email and verified that it is on, as when trying to get my email from their web portal, as expected, I get prompted to enter a code texted to me on my phone.

Then I thought, this could be a problem, as usually for my emails I use an email reader, not go through the portal. So, I tested by sending some emails from another email to my Comcast email, expecting to encounter some kind of blocking or error. But, nope, email goes through.

To be certain, I ordered something from Amazon (was going to order anyhow) and yes, the email confirming my purchase goes right through to my Comcast email.

So, now I'm thinking, unless I'm missing something, if a hacker stole my user id / password on my Comcast account, despite me having 2FA turned on, what's stopping the hacker from just using a mail reader to retrieve my emails? :facepalm:
 
2FA would not affect emails read with a program (IMAP or POP3). You're right that 2FA is not a universal protection, but do keep in mind that your password is the first line of defense, so make sure it is strong and not used for any other accounts.
 
2FA would not affect emails read with a program (IMAP or POP3). You're right that 2FA is not a universal protection, but do keep in mind that your password is the first line of defense, so make sure it is strong and not used for any other accounts.


Glad you also see what I see about IMAP or POP3 as I was scratching my head.

Reading, looks like there might be some way of configuring Gmail together with email clients (examples I've seen are with Outlook and Thunderbird, neither of which I'm using) to add 2FA for getting emails with them. It may just be me, but it doesn't look easy. Something about generating an app password to use.
 
Printing the QR codes seems inconvenient to some, but remember that security and convenience are two ends of the same seesaw. When one goes up the other goes down.

In most cases, more convenience increases the attack surface of the system. That's why it's not a good idea to let one's password manager also handle 2FA. I want them totally separate so if one is compromised the other is not.

You sound like you might have listened to an episode or two of Security Now! It's the only podcast I manage to listen to every episode, without fail.
 
I was going to write that app passwords don't help, but in a way they do. For example, Gmail is my email provider, and I use 2FA with Google. I have to generate a unique "app password" to configure my email client. Even if someone learns my Google password, they won't be able to get at my email.

I don't know of a setup that asks you for the second factor when sending or receiving email in an application.
 