+1 don't use any SMS-based 2FA.
This is what happened last year when a user decided to protect his Coinbase account with text message verifications:
https://medium.com/@CodyBrown/how-to-lose-8k-worth-of-bitcoin-in-15-minutes-with-verizon-and-coinbase-com-ba75fb8d0bac
Topic: 2FA - Important Precautions with Google Authenticator - page 3. (Read 1175 times)
Thank you for this information!
I always wondered if they store your accounts..
Well lucky me i noted every information in a texbook which i keep at a safe place.
What about 2Step mobile verification?
Is it not secure enough?
I always wondered if they store your accounts..
Well lucky me i noted every information in a texbook which i keep at a safe place.
What about 2Step mobile verification?
Is it not secure enough?
There had been reports of hacks in mobile verification.
2FA are safer.
https://www.cnet.com/how-to/why-you-are-at-risk-if-you-use-sms-for-two-step-verification/
Quote
So, why the move away from SMS?
For the simple fact that receiving 2SV codes via SMS is less secure than using an authentication app. Hackers have been able to trick carriers into porting a phone number to a new device in a move called a SIM swap. It could be as easy as knowing your phone number and the last four digits of your social security number, data that tends to get leaked from time to time from banks and large corporations. Once a hacker has redirected your phone number, they no longer need your phone in order to gain access to your 2SV codes.
For the simple fact that receiving 2SV codes via SMS is less secure than using an authentication app. Hackers have been able to trick carriers into porting a phone number to a new device in a move called a SIM swap. It could be as easy as knowing your phone number and the last four digits of your social security number, data that tends to get leaked from time to time from banks and large corporations. Once a hacker has redirected your phone number, they no longer need your phone in order to gain access to your 2SV codes.
Thank you for this information!
I always wondered if they store your accounts..
Well lucky me i noted every information in a texbook which i keep at a safe place.
What about 2Step mobile verification?
Is it not secure enough?
I always wondered if they store your accounts..
Well lucky me i noted every information in a texbook which i keep at a safe place.
What about 2Step mobile verification?
Is it not secure enough?
- 2FA google is an important and necessary form of security because:
- wallets or exchange pages are a treasure trove of money and property. It is very sensitive to security issues from hackers.
- wallets or exchange pages are a treasure trove of money and property. It is very sensitive to security issues from hackers.
We had this same topic a week ago here in this board:
https://bitcointalksearch.org/topic/how-to-save-a-key-for-google-authenticator-3118035
There have so many threads now with Google Authenticator vs. Authy that even the forum search capitulates
https://bitcointalksearch.org/topic/how-to-save-a-key-for-google-authenticator-3118035
There have so many threads now with Google Authenticator vs. Authy that even the forum search capitulates
if I myself prefer to enjoy not using GA. in my opinion there are many ways of securing akum other than GA lsilahkan you choose.
Hello everyone,
In this crypto universe most of us use 2FA (2 factor authentication) in many services, such as mails, exchanges and more.
It's strongly recommended to use 2FA. I use it on almost all my accounts. There are several apps that make 2FA, and the most used is Google Authenticator.
But one thing that many people do not know is the fact that Google Authenticator (GA) does not save your 2FA accounts in your google account. So if you lose your phone you lose access to all accounts linked to your GA (unless the site has some additional recovery mechanism).
So if you use GA it is worth taking at least one of these two precautions:
-You should always note the key when registering an 2FA account. Few people realize, but there is always a sequence of numbers below the QR code (or somewhere else on the website) when you register that account on your GA.
- Register the account on another device, such as a tablet.
An excellent alternative to GA is Authy app. This program works just like GA, but it saves your access accounts. That way, if you lose your cell phone, that's okay, as your data is backed up in the cloud.
Authy has an option to prohibit the registration of new devices. So if someone steals your Auth password, they can not add an additional device, unless if an authorized device allows the registration of new devices to your account.
In theory, GA is safer than Authy, because your data never leaves your phone. But for most cases it's more probable I lose my phone (or it breaks or whatever) than an attacker steals my passwords and my authy account and authorizes a new device. Anyway, using GA taking these precautions mentioned above is a great option.
Edit: Authy also has a google chrome extension, so you can use it on your desktop.
Edit 2:
You can also try Yubico, a USD stick authentication device. It is a more secure and better solution, however it has a cost (20-60 usd)
https://www.yubico.com/why-yubico/for-individuals/
In this crypto universe most of us use 2FA (2 factor authentication) in many services, such as mails, exchanges and more.
It's strongly recommended to use 2FA. I use it on almost all my accounts. There are several apps that make 2FA, and the most used is Google Authenticator.
But one thing that many people do not know is the fact that Google Authenticator (GA) does not save your 2FA accounts in your google account. So if you lose your phone you lose access to all accounts linked to your GA (unless the site has some additional recovery mechanism).
So if you use GA it is worth taking at least one of these two precautions:
-You should always note the key when registering an 2FA account. Few people realize, but there is always a sequence of numbers below the QR code (or somewhere else on the website) when you register that account on your GA.
- Register the account on another device, such as a tablet.
An excellent alternative to GA is Authy app. This program works just like GA, but it saves your access accounts. That way, if you lose your cell phone, that's okay, as your data is backed up in the cloud.
Authy has an option to prohibit the registration of new devices. So if someone steals your Auth password, they can not add an additional device, unless if an authorized device allows the registration of new devices to your account.
In theory, GA is safer than Authy, because your data never leaves your phone. But for most cases it's more probable I lose my phone (or it breaks or whatever) than an attacker steals my passwords and my authy account and authorizes a new device. Anyway, using GA taking these precautions mentioned above is a great option.
Edit: Authy also has a google chrome extension, so you can use it on your desktop.
Edit 2:
You can also try Yubico, a USD stick authentication device. It is a more secure and better solution, however it has a cost (20-60 usd)
https://www.yubico.com/why-yubico/for-individuals/
Jump to: