2FA

After the last TC2027 class on Monday 14 and Ken's suggestion of using a "strong" password, I was trying to figure out what is the matter with our "regular" password when we activate a 2FA like an SMS, a phone call or the Google Authentication App.
So I researched it and made this small post about it.

What I found was many examples of how 2FA and MFA reside in really normal transactions like credit cards, banks and doors. To say that we are using 2FA we should have 2 of:

  • something you know
  • something you have
  • something you are 

This is basically adding security layers to the standard "something you know" user and password. Based on that it is easy to resolve my questions: 2 layers are better than just 1, and stronger layers improve security even further.

Another point I found is that there is a problem with password recovery features, because normally this process avoids the use of 2FA, so many services have implemented a 3FA for recoveries, like a third-party contact or a Unique Security Key (64-digit).
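The two-of-three rule and the recovery problem above can be checked mechanically: count distinct factor categories on every way into an account, recovery included, and take the weakest. This is an added example, not part of the original post; the authenticator names, their category mapping and the sample accounts are constructed for illustration.

```python
# Factor categories from the list above.
KNOW, HAVE, ARE = "something you know", "something you have", "something you are"

# Constructed mapping of authenticators to categories (an assumption of this example).
CATEGORY = {
    "password": KNOW, "security_question": KNOW, "pin": KNOW,
    "sms_code": HAVE, "authenticator_app": HAVE, "hardware_key": HAVE,
    "fingerprint": ARE,
}

def distinct_factors(authenticators):
    """Count distinct categories: two secrets of the same kind count once."""
    return len({CATEGORY[a] for a in authenticators})

def effective_factors(paths):
    """An account is only as strong as its weakest way in, recovery included."""
    return min(distinct_factors(p) for p in paths.values())

def weak_paths(paths, required=2):
    """Names of the paths that fall short of the required number of factors."""
    return sorted(n for n, p in paths.items() if distinct_factors(p) < required)

# Constructed sample accounts: each has a login path and a recovery path.
ACCOUNTS = {
    # Real 2FA at login, but recovery asks only for a security question.
    "alice": {"login": ["password", "authenticator_app"],
              "recovery": ["security_question"]},
    # Two checks at login, but both are "something you know".
    "bob": {"login": ["password", "security_question"],
            "recovery": ["security_question", "sms_code"]},
    # Two distinct categories on both paths.
    "carol": {"login": ["password", "sms_code"],
              "recovery": ["security_question", "hardware_key"]},
}

if __name__ == "__main__":
    for user, paths in ACCOUNTS.items():
        print(user, "effective factors:", effective_factors(paths),
              "weak paths:", weak_paths(paths) or "none")
```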

And on the balance of Secure <-> Easy to Use you can keep it simple: even though it could be a problem to lose the 2nd factor or to access easily on a "new" device, you can have special one-use passwords for specific devices or apps.

Right now I use 2FA only on my primary accounts (G Suite, iCloud, FB, Dropbox, Git) and use Keychain as a password-management system to generate and save strong passwords for anything else, and I could recommend you do the same.


