I hate how we are forced to use 2fa .. It should be our choice.
It is a pain for me to use since I don't get cell service in my area and not all exchanges allow the google version.
Topic: 2-Factor Authentication - page 5. (Read 1734 times)
I use Google Authenticator but got issues to login my exchange account, so I change to use Authy never have issues so far, but read all the previous post I will considering to use FIDO U2F Key from Yubico for more secure to all my account.
2-factor authentication will give you more security on your account but always saved the encrypted message as you will be in a big problem once your phone shut down or stolen!
I don't have first hand experience with losing phone credentials but I have helped people navigate what can become a total nightmare. The better sites have papercode backups in case you lose your phone or it gets destroyed. Without those a loss of phone credentials will "wreck your day" in a big way. I ONLY use full U2F so I don't worry because I have two encrypted chips and the sites allow either to be used. The backup chip is in my safe.
2-factor authentication will give you more security on your account but always saved the encrypted message as you will be in a big problem once your phone shut down or stolen!
Is there any loss of privacy while using 2 Factor authentication?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?
I have put my trust in the second authentication fact. I am already using it from some time and i had no issues with it and i am confident in the Google's confidential politics. If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?
I use 2-factor authentication with an offline (no sim card; no internet) mobile phone. Only when I need to sync my numbers, I'm connecting the phone to internet and making sync process. I dont know but i belive that its better to use it offline maybe.
Is this any good? I'd love to buy one but the USB looks too old-fashioned and doesn't have a case supporting it, possibility of it to break easily is also a thing to be taken into consideration before buying it.
I think it's the best alternative but yeah I admit it looks like a prototype from 2000. There is a tutorial if I remember so you can make your own from scratch.
There are other USBs more "swag" for example FIDO U2F Security Key from Yubico https://www.yubico.com/
By far a superior process compared to google or authy. Sure fire and encrypted privacy. I would suggest the "swag" model if you need to be mobile. The higher end models use NFC and you just touch your smartphone using NFC it authenticates everything. Cannot be beaten by a hacker. Wish we used this process here in this forum!
Is there any loss of privacy while using 2 Factor authentication?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?
I don't think Google would ever risk their reputation to be destroyed in an instant by breaching your privacy that way... I have used Google Authenticator extensively for a good couple of years now, never had a problem at all.
When you activate 2FA on websites you are given a UNIQUE key together with a QR code to scan. The key works on ANY phone, so it is definitely NOT linked to your Google ID and you should therefore keep that key well hidden.
This shouldn't be the case and especially so with an authenticator.
If an authenticator has a predecessor of the name Google, users would go for it. However they might not go for authy or something in the first place when they know something called "Google Authenticator", exists. Plus, most websites who have 2FA enabled recommended Google Authenticator. The main reason why I wouldn't use Google authenticator or Authy is because it's not open source. There's open source alternatives which have been mentioned above which are simply better. Before you say Google authenticator is open source, the app which you download on the store is not.
Also, for their multi device feature to work, then your keys need to be stored on a server for it to work. So they certainly keep records/data. These are encrypted by the backup password you set. This is encrypted using AES and a randomly generated salt using PBKDF2. So the data is stored otherwise, it wouldn't be possible to restore access using another device.
True that. Google is highly overrated in some places and authy which I have been using does need a replacement.Also, for their multi device feature to work, then your keys need to be stored on a server for it to work. So they certainly keep records/data. These are encrypted by the backup password you set. This is encrypted using AES and a randomly generated salt using PBKDF2. So the data is stored otherwise, it wouldn't be possible to restore access using another device.
I think it's the best alternative but yeah I admit it looks like a prototype from 2000. There is a tutorial if I remember so you can make your own from scratch.
There are other USBs more "swag" for example FIDO U2F Security Key from Yubico https://www.yubico.com/
Yubiko is nice because it has a USB type C, so I did like that. But 50-60$ for an authenticator, I'm not sure yet but I do want to buy one.There are other USBs more "swag" for example FIDO U2F Security Key from Yubico https://www.yubico.com/
Anyhow, thank you for sharing that information, was really helpful.
Is this any good? I'd love to buy one but the USB looks too old-fashioned and doesn't have a case supporting it, possibility of it to break easily is also a thing to be taken into consideration before buying it.
I think it's the best alternative but yeah I admit it looks like a prototype from 2000. There is a tutorial if I remember so you can make your own from scratch.
There are other USBs more "swag" for example FIDO U2F Security Key from Yubico https://www.yubico.com/
For a lot of people if not everyone , their belief lies in reputed and "trusted" companies.
This shouldn't be the case and especially so with an authenticator. Any particular reason why? I have been using authy and I say it is any day better than Google authenticator, for it doesn't BACK up your fucking data. Almost had a nightmare when I un-installed it by mistake, had to contact so many exchanges to remove the 2FA 
I personally have never had any issues with authy.
I personally have never had any issues with authy.
The main reason why I wouldn't use Google authenticator or Authy is because it's not open source. There's open source alternatives which have been mentioned above which are simply better. Before you say Google authenticator is open source, the app which you download on the store is not.
Also, for their multi device feature to work, then your keys need to be stored on a server for it to work. So they certainly keep records/data. These are encrypted by the backup password you set. This is encrypted using AES and a randomly generated salt using PBKDF2. So the data is stored otherwise, it wouldn't be possible to restore access using another device.
This is almost true for anything which isn't open source. .
For a lot of people if not everyone , their belief lies in reputed and "trusted" companies. I would recommend staying away from Authy, but if you are to use it then make sure to turn off multi device in the settings. This prevents recovery from other phones. If you ever want to transfer to another phone though this option will need to be enabled.
Any particular reason why? I have been using authy and I say it is any day better than Google authenticator, for it doesn't BACK up your fucking data. Almost had a nightmare when I un-installed it by mistake, had to contact so many exchanges to remove the 2FA I personally have never had any issues with authy.
You can use a USB like U2F Zero as long you don't lose it you're good to go https://www.u2fzero.com/
... and it's open source https://github.com/conorpp/u2f-zero
Is this any good? I'd love to buy one but the USB looks too old-fashioned and doesn't have a case supporting it, possibility of it to break easily is also a thing to be taken into consideration before buying it. ... and it's open source https://github.com/conorpp/u2f-zero
If you care about your privacy you shouldn't use any Google's product, no matter how good they are. It's how the company make its income, using your privacy.... Who knows if in 10 years we learn that in fact, it was another shady product
This is almost true for anything which isn't open source. I have read Authy is far better than Google Authenticator.
I would recommend staying away from Authy, but if you are to use it then make sure to turn off multi device in the settings. This prevents recovery from other phones. If you ever want to transfer to another phone though this option will need to be enabled.
If you care about your privacy you shouldn't use any Google's product, no matter how good they are. It's how the company make its income, using your privacy.... Who knows if in 10 years we learn that in fact, it was another shady product
I have read Authy is far better than Google Authenticator.
You can use a USB like U2F Zero as long you don't lose it you're good to go https://www.u2fzero.com/
... and it's open source https://github.com/conorpp/u2f-zero
I have read Authy is far better than Google Authenticator.
You can use a USB like U2F Zero as long you don't lose it you're good to go https://www.u2fzero.com/
... and it's open source https://github.com/conorpp/u2f-zero
The protocol used by Google Authenticator is open and should be private (in that giving a code should link you only with your account on the site), but the Google Authenticator app is closed-source, so I wouldn't rely 100% on that app. There are open source alternatives. Authy works differently, and I do not recommend it. SMS is really bad. U2F is probably good, though I haven't actually looked into it closely yet.
If you are that bothered about privacy issues then you can always use a separate mobile phone just for that purpose. I mean they are pretty cheap to pick up these days.
If you are using SMS verification then those messages could potentially be intercepted by someone malicious and Coinbase actually hit the news for this reason. I don't believe that a third party website is required to send any of the credentials to Google though. So you are safe in that aspect.
If you are using SMS verification then those messages could potentially be intercepted by someone malicious and Coinbase actually hit the news for this reason. I don't believe that a third party website is required to send any of the credentials to Google though. So you are safe in that aspect.
I think no since Google Authenticator works offline and even if you only add the authentication key only with vague description/name. Unless they upload your keys and description along with google account you use on your smartphone.
Is there any loss of privacy while using 2 Factor authentication?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?
Jump to: