Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
2 factor ID?
Old 05-27-2017, 07:05 AM   #1
Thinks s/he gets paid by the post
Rustic23's Avatar
 
Join Date: Dec 2005
Location: Lake Livingston, Tx
Posts: 3,832
2 factor ID?

I have been playing with this for awhile now and I am not sure it is as safe as I thought.

First I have two devices to protect, an Iphone & Ipad. When I use my phone number as the destination for the 2 Factor Code (2fc), it goes to both devices. If I use say Google Authenticator the 2fc goes to both devices as that app has to be on both. So the code is going to the device I am authenticating on and thus is no more secure than using the password only.

Now I could keep the authenticator on one device only, say my Ipad, as it is the least likely to be stolen or misplaced. But then I have to carry both. Thus making it easier to loose.

So far, the solution I have found is to use Lastpass Authenticator and have it use a pin to open/fingerprint to open.

Has anyone found a better work around?
__________________

__________________
If it is after 5:00 when I post I reserve the right to disavow anything I posted.
Rustic23 is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 05-27-2017, 11:55 AM   #2
Full time employment: Posting here.
 
Join Date: Jul 2011
Posts: 764
Hmm, my knowledge on this is very limited but I also try to protect my data with 2fc and/or keeping some passwords secured on a Kingston Data Traveler thumb drive. As my SIL continues to reinforce to me, the easier you make it for yourself, the easier it is for the other guy. I guess the Last Pass is a solution that combines enough difficulty for you, to provide fairly good protection. I will be interested if others have a solution.

I am not sure it would be helpful for you but monthly I use the Yubico key to verify my Gmail/Chrome account. Perhaps it could be set up for daily use but so far this has worked OK.
__________________

davef is offline   Reply With Quote
Old 05-27-2017, 12:02 PM   #3
Thinks s/he gets paid by the post
Fedup's Avatar
 
Join Date: Mar 2014
Location: Southern Cal
Posts: 4,032
I haven't tried this yet. Still avoiding it.
Fedup is offline   Reply With Quote
Old 05-27-2017, 01:07 PM   #4
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee ba gum
Posts: 24,883
2FC on an iPhone is fine by me either as a text to the phone number or Google authenticator on the device because to access my iPhone requires my fingerprint or 8 character access code.

My bank, HSBC, uses its own authenticator built into its fingerprint protected app.

ETA
I have the notifications settings for text messages to not show on screen when iPhone is locked so a fingerprint is needed to read any SMS code that has been sent.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
Old 05-27-2017, 02:32 PM   #5
Moderator Emeritus
braumeister's Avatar
 
Join Date: Feb 2010
Location: Flyover country
Posts: 13,396
Quote:
Originally Posted by Alan View Post
2FC on an iPhone is fine by me either as a text to the phone number or Google authenticator on the device because to access my iPhone requires my fingerprint or 8 character access code.
+1
Also, my Fidelity account and USAA Bank account both work with the Symantec VIP app on my phone, so to login to those accounts I have to input a six digit number that changes every 30 seconds. Pretty good security IMHO.
__________________
I thought growing old would take longer.
braumeister is offline   Reply With Quote
Old 05-27-2017, 02:39 PM   #6
Thinks s/he gets paid by the post
 
Join Date: Mar 2017
Location: New York City
Posts: 2,838
Quote:
Originally Posted by Rustic23 View Post
I have been playing with this for awhile now and I am not sure it is as safe as I thought.

First I have two devices to protect, an Iphone & Ipad. When I use my phone number as the destination for the 2 Factor Code (2fc), it goes to both devices. If I use say Google Authenticator the 2fc goes to both devices as that app has to be on both. So the code is going to the device I am authenticating on and thus is no more secure than using the password only.

Now I could keep the authenticator on one device only, say my Ipad, as it is the least likely to be stolen or misplaced. But then I have to carry both. Thus making it easier to loose.

So far, the solution I have found is to use Lastpass Authenticator and have it use a pin to open/fingerprint to open.

Has anyone found a better work around?
OMG i cant even google what you said to figure out what all this means. im positive i dont have anything protecting me except for windows defender and what ever is built into the ipad
__________________
Withdrawal Rate currently zero, Pension 137 % of our spending, Wasted 5 years of my prime working extra for a safe withdrawal rate. I can live like a King for a year, or a Prince for the rest of my life. I will stay on topic, I will stay on topic, I will stay on topic
Blue Collar Guy is offline   Reply With Quote
Old 05-27-2017, 02:52 PM   #7
Thinks s/he gets paid by the post
Fedup's Avatar
 
Join Date: Mar 2014
Location: Southern Cal
Posts: 4,032
I thought this is for Vanguard only?
Fedup is offline   Reply With Quote
Old 05-27-2017, 02:52 PM   #8
Administrator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: lumpen slums of cyberspace
Posts: 30,054
Here's an article on 2FA deadspin-quote-carrot-aligned-w-bgr-2
MichaelB is offline   Reply With Quote
Old 05-27-2017, 03:17 PM   #9
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee ba gum
Posts: 24,883
Quote:
Originally Posted by Fedup View Post
I thought this is for Vanguard only?
A great many services have it available and many financial institutions insist on it because of the extra security it provides - you need to have something you know like a password or PIN and something you have like a security key or a phone* or an authentication app on a computer or smartphone or tablet.

*Living in England I don't have a US cell phone to receive texts but I do have a US Skype number so a call is made to that number and when I answer it a robotic voice tells me the code.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
Old 05-27-2017, 06:43 PM   #10
Moderator
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 5,581
You don't want to use LastPass for your password and your second factor because that would collapse into a single factor. You should try a non-LastPass solution for time based one time keys.
sengsational is offline   Reply With Quote
Old 05-27-2017, 06:52 PM   #11
Thinks s/he gets paid by the post
Fedup's Avatar
 
Join Date: Mar 2014
Location: Southern Cal
Posts: 4,032
Quote:
Originally Posted by Alan View Post
2FC on an iPhone is fine by me either as a text to the phone number or Google authenticator on the device because to access my iPhone requires my fingerprint or 8 character access code.

My bank, HSBC, uses its own authenticator built into its fingerprint protected app.

ETA
I have the notifications settings for text messages to not show on screen when iPhone is locked so a fingerprint is needed to read any SMS code that has been sent.
HSBC is just plain awful. We didn't log in to the online banking because it's just too hard. Every time we have to do it, both my husband and I had to sit together and try a few times. Not only that some of the key they sent was not working. And it's overseas. I can only think of madness. And it's us going bonkers or whatever the term is appropriate.
Fedup is offline   Reply With Quote
Old 05-27-2017, 07:26 PM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 9,338
One problem with getting a text message with you 'secret code' number as the 2nd factor is that the SMS messaging system is very insecure. if the bad guys know your phone number they can interecept your code.

Use of a random number generator such as Google's Authenticator is better. Or have the number sent to you via email if possible.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 05-28-2017, 01:24 AM   #13
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee ba gum
Posts: 24,883
Quote:
Originally Posted by Fedup View Post
HSBC is just plain awful. We didn't log in to the online banking because it's just too hard. Every time we have to do it, both my husband and I had to sit together and try a few times. Not only that some of the key they sent was not working. And it's overseas. I can only think of madness. And it's us going bonkers or whatever the term is appropriate.
Really?

The vast majority of the time I log onto my uk HSBC account from a pc I select "without secure key" because that is only needed for transactions to send out money to new payee or change account settings. To view and move money between accounts only requires password access.

Mostly I access my accounts with their app which is just a fingerprint needed. Maybe you are still using the physical key to generate access codes.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
2 factor ID?
Old 05-28-2017, 05:18 AM   #14
Thinks s/he gets paid by the post
 
Join Date: May 2014
Posts: 1,644
2 factor ID?

A few weeks ago I was speaking to my brokerage company and asked if they there was any additional security I could add to my account. I discovered I could get a security token to be used in conjunction with my password. - you press the button and a number pops up. Just like my super security conscience employer requires. I mentioned it to my sister in law and she learned her firm didn't offer anything like it..

I am not a security expert but without that little device I'm thinking (more hoping) it will be difficult to get into my account. My goal is to make it as difficult as possible...maybe the crooks will focus on easier prey...
rayinpenn is offline   Reply With Quote
Old 05-28-2017, 06:16 AM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
pb4uski's Avatar
 
Join Date: Nov 2010
Location: Vermont & Sarasota, FL
Posts: 23,089
Quote:
Originally Posted by Rustic23 View Post
.... Has anyone found a better work around?
I usually do not use my phone for any websites that I want 2fc on... so the app would be on my laptop and the authentication is done to my phone.... suspect that is what 2fc was designed for.
__________________
If something cannot endure laughter.... it cannot endure.
Patience is the art of concealing your impatience.
Slow and steady wins the race.

Retired Jan 2012 at age 56...60/35/5 AA
pb4uski is offline   Reply With Quote
Old 05-28-2017, 07:12 AM   #16
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee ba gum
Posts: 24,883
Voice recognition is being rolled out in the UK, don't know if it will make it to the USA. Last year HSBC UK introduced it and although I have only had to call them twice since setting it up, it was nice to be able to get through without a lot of key punching and security questions before speaking to someone.

On Friday DW called the UK SS folks with questions on her contributions record and to make some back payments. She already has an online account (with 2FA), and after making the call they finished off by establishing voice recognition for future use.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
Old 05-28-2017, 07:36 AM   #17
Thinks s/he gets paid by the post
timo2's Avatar
 
Join Date: Jul 2011
Location: Bernalillo
Posts: 2,018
I sign up for two factor whenever it is available. Here is why: someone hacked my brother's gmail, and changed the password. the hacker then proceed to send requests for emergency funds to all my brother's contacts. Google support was no help in rectifying the situation. My brother somehow got the police involved and google finally did something. With two factor ID, that scenario can not happen. a hacker accessing my gmail would need the code sent to my phone. end of story. If I don't have a phone, there are alternate ways to obtain the code.
__________________
"We live the lives we lead because of the thoughts we think" Michael O’Neill

"We can cannot compel others to do our will" Norman Goldman
timo2 is offline   Reply With Quote
Old 05-28-2017, 12:42 PM   #18
Thinks s/he gets paid by the post
grasshopper's Avatar
 
Join Date: Oct 2010
Posts: 1,892
I use Fido U2f, for Google and financial accounts. I think using it for Google is important as a comprised email account affects most everything else now days.
__________________
For me experiences are not good or bad, just different
grasshopper is offline   Reply With Quote
Old 05-28-2017, 01:12 PM   #19
Thinks s/he gets paid by the post
Fedup's Avatar
 
Join Date: Mar 2014
Location: Southern Cal
Posts: 4,032
Quote:
Originally Posted by Alan View Post
Really?

The vast majority of the time I log onto my uk HSBC account from a pc I select "without secure key" because that is only needed for transactions to send out money to new payee or change account settings. To view and move money between accounts only requires password access.

Mostly I access my accounts with their app which is just a fingerprint needed. Maybe you are still using the physical key to generate access codes.
That was new. It was not like that a few years back. A few years back we had to use the secure key for log in.
Fedup is offline   Reply With Quote
Old 05-28-2017, 01:22 PM   #20
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee ba gum
Posts: 24,883
Quote:
Originally Posted by Fedup View Post
That was new. It was not like that a few years back. A few years back we had to use the secure key for log in.
Yes I remember the key well, and it is still available for those who do not wish to use the app. Technology moves on. With the app most functions can be performed using fingerprint authentication, but sensitive functions such as setting up a new payee require a randomly generated authentication code which the app then provides.
__________________

__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do you factor dividends into the SWR? Andre1969 FIRE and Money 11 08-25-2010 06:18 PM
Hummm, I Failed to factor this into my retirement plans mickeyd Health and Early Retirement 7 03-29-2010 04:49 PM
Fudge Factor kyounge1956 FIRE and Money 29 01-11-2010 07:32 AM
Wow, ML lowering broker pay! The Vanguard factor? mickeyd Other topics 0 02-06-2006 11:42 AM
www.ehealthinsurance.com fudge factor? Cb FIRE and Money 14 08-24-2005 06:19 AM

» Quick Links

 
All times are GMT -6. The time now is 10:46 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
×