Date: Sat, 2 Jul 2016 17:20:11 +0200
From: Yoha <yoha@...on.org>
To: passwords@...ts.openwall.com
Subject: Re: 2-Factor vs Authentication

On 02/07/2016 at 17:10, e@...tmx.net wrote:
> On 07/02/2016 04:47 PM, Yoha wrote:
>> Definitely agree with the most common form of 2FA.
>
> the emphasis is:
> the most common variant of any "new technology"
> advocated for by the major market players
> with a choir of "experts" and "gurus"
> is always a very harmful piece of crap,
> guaranteed to compromise users' security;
> and the populace plays along happy and trustful.
>
>

Sorry, I was not clear. I meant: I agree with your point of view, regarding this approach (sending a confirmation code), which seems to be the most common one from my personal experience.

>> This is why actual
>> [OTP](https://en.wikipedia.org/wiki/One-time_password#How_OTPs_are_generated_and_distributed)
>>
>> are much better than confirmation codes sent to phone numbers/mail
>> addresses. In particular,
>> [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
>>
>> are very easy to use, more secure than confirmation codes, *and* much
>> faster (there are sometimes delays of a few minutes before the
>> confirmation code is received). Additionally, they allow better
>> flexibility (e.g. when using multiple phones).
>
> in other words, the second factor is defined here as:
> preshared piece of software.
>
> seems ok, but i am devoid of any deep insight on that.
>

Well, there is no deep insight, it just looks like the correct way to do any 2FA since, as you described previously, sending a confirmation code may not add that much security.