With 47,000 results for "2fa exploited" can't say I'm thrilled. No doubt depends on the implementation. Certainly hope the solution is open source. Hate tying an account to a phone number, makes it super easy for fed to take over an account. Are we trading privacy for security?
"win lottery" delivers about 115.000.000 results. "travelling to moon" results in 65.800.000 hits. Don't get me wrong, but what do many search engine hits actually mean? I consider 2FA a very safe way of authentication, if implemented properly. If one can bypass the 2FA authentication on a site, it doesn't necessarily mean the concept of 2FA is bad. You'd have to look at the implementation as well. If I can bypass a door, it doesn't necessarily mean I picked the lock and that the lock is bad. Maybe there was just a second door? There are some ways you can use "our" 2FA method. Why not give it a try? Authenticator Plus app works fine. Or any other app of your liking.
This post is a perfect example of how people get misled, firstly by confusing exploit with successful attack and secondly by equating number of hits with severity. It's not personal, but your conclusions are totally wrong. It's not easy for people to choose a way / measure of security which is useful, since you can read negative comments about any. Adding a second factor is all about maths and lowering the probability of a successful attack where an account is taken over and damage is done. You need 2 attack vectors in the same time frame with the same target! Even if they'd come from 2 different compromised systems they must have the same target account at the same time. By 2FA you do not tie a phone number to an account. You are tying a second factor for authentication to your account and this second factor can be your phone number. That's a big difference. And why should it make it super easy for fed to take over the account? They could either way by judicial decision. We do, but not at all by 2FA. Quite the opposite! The accounts which need to be secured most are associated with a personal identity either way. By adding a second factor you do not trade privacy any further. 2FA is a security measure that is OS independent and combines 2 ways of authentication of the same account. There could be nothing better and easier to gain a huge amount of security by a simple process. Think about it. Not only here at MDL, but at your accounts where a takeover would really hurt you.
Security is nothing more than a warm fuzzy feeling that makes you feel better, you can make things a little harder to get at and that is the best you can do, nothing in this digital world is impossible to get at!
I bet in the real world there is much more stolen than in the virtual world via attack on an account. Security is all about minimizing the probability of a successful attack on what's considered personal property. If the energy for an attack is big and focused enough nobody can 'secure' that property. This applies to the real world as well. Anyway, each applied and reasonable security measure minimizes that probability. It's not just a warm feeling, it's probability. Hence we have fences and locks. And we have several authentication procedures... passport for 'real' identity and this passport then legitimates the relation to a virtual identity and account... Besides that... If you should become the victim of an attack, for instance a hacked credit card account, and you have to report it to the police, they want to know exactly which security measures you have applied. Such accounts are usually insured... but if they can prove negligence on your side you can be the fool... It's actually the (illusionary) idea that one can keep property forever that makes the temporary fuzzy warm feeling.
As many accounts are hijacked and used for spam, please consider activating 2FA. Additionally, changing your password might also help. Hijacked accounts are perma-banned. Please contact us in order to have your account restored (change password, use 2FA etc!)
I enabled that 2FA today - took a while to get the authentication app to work, but after a while swearing at the phone, it worked. 14 days will be a challenge as I have memory issues, but I guess I will cross that bridge when I get to it - that is, if I can remember how. I got the backup codes just in case I fluff things up.
I just used the Google one. I had tried Authy before and, well, I really f'd things up on that site to the point I got banned there. Again, wasn't much of a loss as the site closed not long after.
I have had 2FA (with codes) enabled for a long time now. But, a few days ago, it was the first time I had problems. No email with auth codes ever arrived, no matter how often I tried. Had to use a backup code to get back in. Hopefully, I never forget to renew them in time... And no, I don't have any smartphone and thus no authenticator.
Hm. After working for 25 years in security, one conclusion stands out for me; getting security is quite simple; render adverse activity against you less attractive than it is with your neighbor... And as I have not been invited to play the mod here, spammers are wasting their time with me. [I don't even possess a dumbphone.]
That is an interesting way to refer to cyber security; a "mail cop". I like that. We'll see if that catches around the Net. Or has it already? My reason for the quote being added, though, is if you work in cyber security for the armed forces of any government on this planet, you are most certainly in a security role and actually working in security. If you work for many government agencies, such as the NSA in the United States, you are most definitely attuned to many aspects of security work and are working in security. Now I look at that use of the nomenclature "mail cop" as being sort of like the relationship between a patrol officer on active duty for a police force and a department store security employee. But I am not so sure what exactly was meant by that use of "mail cop" although, as noted, it is an interesting job description.
Oh my goodness! I sure did mess that up, didn't I!! Maybe I'm getting too old for this Internet communications on a discussion platform because my eyes are no good. Thank you for pointing that out to me. I sure messed up there. And a very sincere apology to you, Enthousiast. Good gosh - - - mall not mail. How stupid of me. Well, maybe we can figure out some way to use that mail cop thing.