Chuckanut
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
So how do people feel about using Touch-ID and Face-ID to logon to apps?
So how do people feel about using Touch-ID and Face-ID to logon to apps?
So how do people feel about using Touch-ID and Face-ID to logon to apps?
True. I was going with "worst case scenario", where the bad guys get the salt when they steal the hashes. That's not a foregone conclusion, but you might imagine if they're rummaging around with database access, they might leave with salt as well as the hashes. It's much less useful for rainbow tables if the salt is different for each set of credentials, which I think is best practice. I'm not sure how wide that practice has become.It depends how they arrive at the salt value. The salt is designed to prevent a pre calculated rainbow table attack, which is basically what you are describing. If the salt is unknown to the attacker the hashes are secure.
Vanguard 2FA requires a text message. I am out of cell phone range while at home so they set my accounts up to not use 2FA. Hopefully, this is temporary. My cell company keeps saying they will have phone over internet any day now.
They also have an option to provide a physical security key that plugs into a USB port on your PC or laptop
https://investor.vanguard.com/security-center
Thanks. I don't recall them saying anything about a security key and this whole 2FA thing just was put in place on my account in December.