Author: | qwertyboy | Posted: | Jan 23, 2020 20:08 | Subject: | Re: 2FA or some other additional login security | Viewed: | 55 times | Topic: | Suggestions | |
|
| In Suggestions, SylvainLS writes:
| In Suggestions, patpendlego writes:
| […]
Obviously the idea behind 2FA is that you're NOT using the same device.
|
Yeah, that’s the idea but unfortunately, that’s not the common practice.
| I personally never use the same device. Also, besides SMS there are authentication
apps which are secured by a pincode. In general, 2FA is regarded as the standard
safe login method today whereas 1FA is considered not safe enough anymore. Hence
the suggestion.
|
I understand the suggestion. I’m just pointing out one pitfall.
“Regarded” is the problem here: people feel confident when in reality the implementation
is generally flawed.
How many websites check you’re not using the same device?
None, because it can’t be done.
|
2FA is also referred to as "something you know, and something you have". 2FA is
not meant to make sure it is you that is using your phone. Rather, it is meant
to do a second check after "someone" logged in (and used the "something you know")
by making sure that person also clears the "something you have" hurdle.
Saying 2FA implementations are generally flawed because they don't check
you are using the same device makes no sense. It is not meant to do that check.
It is meant to prevent "SylvainLS" in France from logging into account "qwertyboy".
Good luck doing that if 2FA sends my Canadian phone a txt.
Niek.
|
|
Author: | SylvainLS | Posted: | Jan 23, 2020 17:27 | Subject: | Re: 2FA or some other additional login security | Viewed: | 69 times | Topic: | Suggestions | |
|
| In Suggestions, patpendlego writes:
| […]
Obviously the idea behind 2FA is that you're NOT using the same device.
|
Yeah, that’s the idea but unfortunately, that’s not the common practice.
| I personally never use the same device. Also, besides SMS there are authentication
apps which are secured by a pincode. In general, 2FA is regarded as the standard
safe login method today whereas 1FA is considered not safe enough anymore. Hence
the suggestion.
|
I understand the suggestion. I’m just pointing out one pitfall.
“Regarded” is the problem here: people feel confident when in reality the implementation
is generally flawed.
How many websites check you’re not using the same device?
None, because it can’t be done.
|
|
Author: | leggodtshop | Posted: | Jan 23, 2020 16:58 | Subject: | Re: 2FA or some other additional login security | Viewed: | 57 times | Topic: | Suggestions | |
|
| In Suggestions, SylvainLS writes:
| In Suggestions, patpendlego writes:
| Admin,
Please implement 2FA or some other additional login security to BrickLink account.
2FA = 2-Factor-Authentication
It could help prevent hacking or stealing of accounts and account & inventory
information.
Of course this could be set as optional on the account.
|
The main problem I have with 2FA is that, most of the time, the implementation
consists in sending an SMS on the same phone the user is already using to browse
the website, and that makes it 1FA (we’re checking the person holding the phone
can use the phone’s browser and read SMS on the same phone, whoopee).
This gives a false sense of security.
|
Obviously the idea behind 2FA is that you're NOT using the same device. I
personally never use the same device. Also, besides SMS there are authentication
apps which are secured by a pincode. In general, 2FA is regarded as the standard
safe login method today whereas 1FA is considered not safe enough anymore. Hence
the suggestion.
|
|
Author: | SylvainLS | Posted: | Jan 23, 2020 16:14 | Subject: | Re: 2FA or some other additional login security | Viewed: | 70 times | Topic: | Suggestions | |
|
| In Suggestions, patpendlego writes:
| Admin,
Please implement 2FA or some other additional login security to BrickLink account.
2FA = 2-Factor-Authentication
It could help prevent hacking or stealing of accounts and account & inventory
information.
Of course this could be set as optional on the account.
|
The main problem I have with 2FA is that, most of the time, the implementation
consists in sending an SMS on the same phone the user is already using to browse
the website, and that makes it 1FA (we’re checking the person holding the phone
can use the phone’s browser and read SMS on the same phone, whoopee).
This gives a false sense of security.
|
|
Author: | leggodtshop | Posted: | Jan 23, 2020 14:36 | Subject: | 2FA or some other additional login security | Viewed: | 171 times | Topic: | Suggestions | Status: | Open | |
|
| Admin,
Please implement 2FA or some other additional login security to BrickLink account.
2FA = 2-Factor-Authentication
It could help prevent hacking or stealing of accounts and account & inventory
information.
Of course this could be set as optional on the account.
Thank you.
|
|
|