While two-factor can help, I think this article, and Mat Honan's, are showing a fundamental breakdown in security on the company tech support side. I think companies need to do more to better educate their CSRs and to not so willingly give away information over the phone.
Interestingly enough, I think Mat Honan's post did say that had two-factor authentication been enabled for either his Gmail or Apple ID, things would have been much more difficult for the hackers to break into his account.
The biggest problem is stores aren't liable for any fraudulent charges; the bank eats those and we are responsible for $50. I bet you if the store was liable their cashiers would be trained better to CHECK ID before allowing a credit card purchase, but alas, to a store a fraud purchase is still a purchase.
Yeah I'm not too keen on retailers no longer requiring signatures on purchases less than $50. I feel like less than $20 is acceptable but 40-50 is still a lot of money for most people.
I'm curious what happens if your phone / laptop are stolen or you forget to pay a bill and lose your phone number. I lost my phone a couple months back and can only imagine that having two factor auth would've made resetting passwords for all my services more difficult.
This is why I like the SMS option over relying on Google's app. If this was to happen I can just get service disconnected and reactivate a new phone.
Addendum to this: If you're traveling and your phone gets swiped, I think that's going to be a gigantic pain in the rear, especially if you're traveling internationally. The chances of this are probably low, but still. That would be a huge headache!
Very cool, Frank, thank you for those links!
Since PayPal is the number one way I get paid by web development and hosting clients, I've been using their PIN card system for over 4 years. When I log in (or anyone else who tries), they are prompted for a 6-digit code I generate from a credit-card-looking device. If I don't have it with me, I'm prompted for information only I know to gain access to my PayPal. I've also been using 2-factor auth wherever I can, including Gmail/Google and FB, and I teach my clients to do the same.
2-factor authentication is nice in theory, but for someone like me that has their phone OS completely changed from day to day, it just doesn't work. I'd much rather rely on strong passwords and something like 1Password.
Most two-factor auth sends a code to your phone number, so even if your OS changes, your number stays the same, correct? Or am I missing something? And I'm no dummy, but I installed KeePass and was completely bewildered. I can't imagine any of my clients using it. I only got as far as generating a master key and setting up the DB; after that I was lost.
I think he's referring to Google's option of using their Google Authenticator app instead of getting an SMS each time. But that's entirely optional and you can switch back to getting an SMS each time you log in if you want.
Exactly, I was referring to the app method, which just wouldn't work for me. The SMS method works and I am giving that a try. And then you have services like LogMeIn that don't even offer SMS but instead use email. Maybe if I use a Google Voice number as the SMS for all my 2-factor except Google's... then I am not even tied to my phone as I can always just check the web portal.
I've made it my duty to educate my clients wherever and whenever I can, as I believe a smart client is a happy client. A lot of IT support will let their clients do crap passwords just so they can bill for the clean-up afterwards. But it is a struggle even on my own end to use strong passwords and use 2-factor because I'm very busy and this slows me down, but then I think of the lost hours if I got hacked or any of my clients got hacked. Yeah, it's a no-brainer.