Date: Sat, 2 Jul 2016 16:47:28 +0200 From: Yoha <yoha@...on.org> To: passwords@...ts.openwall.com Subject: Re: 2-Factor vs Authentication Definitely agree with the most common form of 2FA. Le 02/07/2016 à 12:41, e@...tmx.net a écrit : > can you guarantee the most important property of it (required by the > 2-Factor) that the number will remain assigned to you next minute? NO > YOU CAN NOT! The number belongs to your service provider and they have > complete and exclusive control over it (and even that is > questionable). Similarly you do not own «your» e-mail, «your» domain > name, «your» passport number — all those things belong to other people > whom you do not know even by names! This is why actual [OTP](https://en.wikipedia.org/wiki/One-time_password#How_OTPs_are_generated_and_distributed) are much better than confirmation codes sent to phone numbers/mail addresses. In particular, [TOPT](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) are very easy to use, more secure than confirmation codes, *and* much faster (there are sometimes delays of a few minutes before the confirmation codes is received). Additionally, they allow better flexibility (e.g. when using multiple phones).
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.