Topic: 2FA Options - Which is best? POLL (Read 3395 times)
I prefer Yubikey for anything protecting coins, no software that could be vulnerable to attack. Google Auth for anything else for simplicity
Google Authenticator
i prefer google.
much easier to use if i have my phone and my google account.
much easier to use if i have my phone and my google account.
I only use google authenticator and used SMS in bit-x.
google authenticator is better because with SMS sometimes the message doesn't arrive
google authenticator is better because with SMS sometimes the message doesn't arrive
just sms 
Google Authenticator for sure
Google ofcourse! 
I use Google Authenticator and SMS.
You forgot BitID (BIP draft).
Quote
The following BIP is an open protocol proposal allowing simple and secure authentication based on public key cryptography. By authentication we mean to prove to a service/application that we control a specific Bitcoin address by signing a challenge, and that all related data and settings may securely be linked to our session.
Isn't whatever Google Authenticator uses a standard? I have the Microsoft Authenticator and the keys for GA work just fine there.
I think it is. I'm been using it in the past and I've been satisfied.I'm also voting for GA here, as I've seen it on multiple occasions around the web.
All seem to forget that Google 2FA is notoriously hard to backup. All of you who are using it, I urge you to make a copy of the first QR code, the one used during setup.
Google auth
I recommend authy
Google authentication because most sites supported,but wonder how to recover if the app are crashed
Personally, i think google authenticator is the best for me. It's easy to access from smartphone and google chrome plugin. It's speed to generate code too. So in my opinion, google authenticator is the best for me.
I dont even bother with 2fa.. i need to look into it tho.
As most of the people I use Googgle Auth. Its usage is pretty simple. I do not have any problem with it.
Isn't whatever Google Authenticator uses a standard? I have the Microsoft Authenticator and the keys for GA work just fine there.
I think it is. I'm been using it in the past and I've been satisfied.I'm also voting for GA here, as I've seen it on multiple occasions around the web.
All seem to forget that Google 2FA is notoriously hard to backup. All of you who are using it, I urge you to make a copy of the first QR code, the one used during setup.
Isn't whatever Google Authenticator uses a standard? I have the Microsoft Authenticator and the keys for GA work just fine there.
I think it is. I'm been using it in the past and I've been satisfied.I'm also voting for GA here, as I've seen it on multiple occasions around the web.
Google Authenticator. Already use it for 2 weeks and there is no problems.
Considering I have no idea what most of the others are, and that I am reluctant to give out my number for SMS, Google authenticator is my choice. Almost everyone has an Android mobile, so it is easily available. Only thing to keep in mind is to backup the original key.
In my honest opinion the best 2FA option is the google authenticator app. It is easiest and free option, maybe they can allow to buckup our codes and send them to a personal email address.
This. In the past Google released an update for Google Authenticator that had a bug that accidentally deleted some users codes.
Google intentionally didn't put in a way to back up codes as their plan is that if you lose a code you need to verify yourself with the service and they give you a new code. The problem is some websites, such as BTC-e, don't have the proper procedures in place to reset 2FA, so if you lose your code you may not be able to regain access to your account. This is particularly bad for Bitcoin websites due to the fact the bitcoin community loves anonymity, as it is difficult to verify yourself when you are anonymous.
I personally think that the security that 2FA provides is significantly over-hyped. If the device you are logging in with is infected with viruses they can hijack your session when you login and have full access to the account. The only scenario 2FA protects against is if an attacker has obtained your password without compromising your PC, this usually means you've fallen victim to a phishing scam or you reuse passwords or have significantly weak passwords, a password manager such as LastPass or KeePass does a better job at protecting you from those threats than 2FA.
Any 2FA method must be able to give you your code independently of any additional connection or service. For example you must not have to login to any third party website to get your code, and you must not need to have any internet/wireless connection on your 2FA device. If either of these are true then you would need to trust the third party with your 2FA codes which somewhat defeats the purpose.
I, personally am a little wary about using those apps, I just use regular text messages as 2fa on all sites that allow it. I've heard of so many stories where things go wrong with apps like Authy and people find themselves locked out of their own accounts. I think you should definitely add the text message option to your list.
SMS added
I high recommend Google authenticator and Authy. I already used this 2 that's why.
I use Google authenticator and authy(this one is forced by some websites) and I like both, I like the fact that you can do a backup in the cloud with authy because I haven't got to do a backup of google auth keys
What about this?
https://www.grc.com/sqrl/sqrl.htm
When lastpass first came out I tried it and was pwned instantly. I don't care if it's fixed, not touching it ever!
I've used google auth in the past. These seem to lend a sense of security to anyone using them as they are only one extra hurdle to jump over.
What is the best? Wouldn't that bee you?
8 )
https://www.grc.com/sqrl/sqrl.htm
When lastpass first came out I tried it and was pwned instantly. I don't care if it's fixed, not touching it ever!
I've used google auth in the past. These seem to lend a sense of security to anyone using them as they are only one extra hurdle to jump over.
What is the best? Wouldn't that bee you?
8 )
i've tried only Google 2fa and it worked flawlessy until today. considering that google now possess definetely too many informations about myself, i should give a try to one of the other 2fa methods posted here
Voted for Google Authenticate as this is most popular and working quite perfectly for me and many others. I am using GA successfully without any problem and this made me satisfied about my assets and persona data .
I, personally am a little wary about using those apps, I just use regular text messages as 2fa on all sites that allow it. I've heard of so many stories where things go wrong with apps like Authy and people find themselves locked out of their own accounts. I think you should definitely add the text message option to your list.
I hate Authy very much 
I lost my account because it
I still choose Google Authenticator since most services use it as 2FA
And it stand independently, you just have to sync the correct time
I also never got any problem with it
I've been using for a long a time never had any problems. i like authy coz all my 2fa accounts can be restore to another device with just phone verification. I lost my account because it
I still choose Google Authenticator since most services use it as 2FA
And it stand independently, you just have to sync the correct time
I also never got any problem with it
Google auth :<
Having used google authenticator the last 2 years now i can say ive never had a single problem with it and never been hacked since using it. Didnt the Litecoin creator create it also? if so awesome!
Really only used Google Authenticator and it has worked well for me. Duo does look interesting though and the click to approve feature of it seems like it might give an edge to convenience. Though I think it requires you to register or something.
I have only heard of Google Authenticator....don't really know much about the others...so a little bit more information on the other would be great.
Google 2FA works fine and is the most popular. DOn't see a need for another one
Google Authenticator, but only because it's the only I have used.
Are there any other ones that are actually better?
Are there any other ones that are actually better?
there is, authy is pretty good, if you are poor and can't get even a economic smartphone and you are stuck with old standard phone, also i like the sms code, it's easy and fast
Authy is much less secure than most of the others and you are dependant on the Authy service. If anything happens to the Authy service you are SOL.
Google authenticator (and every other app that implements TOTP) isn't dependant on anything, it's stand-alone so even if Google were to disappear your app will continue working fine, with Authy you'd be fucked.
Also Authy has the ability to bypass 2FA on any of your accounts, so if there is a rogue employee or they are hacked then it could lead to many people being hacked.
And there are privacy issues as Authy knows when you are logging in, what websites you are logging into, what other Authy-enabled websites you use and your phone number and your IP. You also must disclose your phone number to them to use the service.
well i didn't know that authy come with all those problems, good to know i guess, the problem with GA is that it can't be used without a proper device, the pc version also is less secure than the standard one with a smartphone
Google Authenticator, but only because it's the only I have used.
Are there any other ones that are actually better?
Are there any other ones that are actually better?
there is, authy is pretty good, if you are poor and can't get even a economic smartphone and you are stuck with old standard phone, also i like the sms code, it's easy and fast
Authy is much less secure than most of the others and you are dependant on the Authy service. If anything happens to the Authy service you are SOL.
Google authenticator (and every other app that implements TOTP) isn't dependant on anything, it's stand-alone so even if Google were to disappear your app will continue working fine, with Authy you'd be fucked.
Also Authy has the ability to bypass 2FA on any of your accounts, so if there is a rogue employee or they are hacked then it could lead to many people being hacked.
And there are privacy issues as Authy knows when you are logging in, what websites you are logging into, what other Authy-enabled websites you use and your phone number and your IP. You also must disclose your phone number to them to use the service.
Not only that large website owners have to pay Authy a fee to use the service, which is ridiculous when there are so many free and open source solutions that are far superior to Authy.
There are TOTP clients available for older phones, I know symbian phones have one and I'm sure any of the old feature phones that run Java could run a client, though I don't know if anyone has taken the time to code one up.
Google Authenticator, but only because it's the only I have used.
Are there any other ones that are actually better?
Are there any other ones that are actually better?
there is(not talking about security, but about usability), authy is pretty good, if you are poor and can't get even a economic smartphone and you are stuck with old standard phone, also i like the sms code, it's easy and fast
I couldn't vote because you don't have an option for LastPass with RSA SecurID.
Done, vote away!
Yubikey4lyfe! and the NFC version is nice for using Lastpass on a smartphone.
Google Authenticator, but only because it's the only I have used.
Are there any other ones that are actually better?
Are there any other ones that are actually better?
Not really. There are only minor differences. None of them do anything to protect against session hijacking AFAIK. Ideally a 2FA app should show you the details of the withdrawal etc before you enter the 2FA code into the website, so you know you are authenticating the right transaction, as if your computer is infected you could be shown one address on screen yet actually be withdrawing to another.
Also Google Authenticator does not send any information back to Google, it is a standalone app that employs TOTP and HOTP and isn't reliant on Google at all. So it's reasonably safe to use unless Google has hidden a backdoor in it as it isn't open source anymore. If you are worried about that you can use freeOTP on android which is an open source app that is fully compatible with Google Authenticator as it also uses TOTP and HOTP.
Google Authenticator, but only because it's the only I have used.
Are there any other ones that are actually better?
Are there any other ones that are actually better?
For me it's authy...
Because of their good GUI and their backup system...
And anyway google authenticator isn't working for me, so that's why i chose authy
Because of their good GUI and their backup system...
And anyway google authenticator isn't working for me, so that's why i chose authy
It was happened the same thing to me not on btc-e but on bittrex. I have recovered my iPhone and lost all the app (I didn't buckup anything). After I have contacted their support through email and they have asked me only the last activity of my account, finally in less than 48 hours my account was "unlocked" without the 2FA. So I raccomebd to all who are trading me, to save the code ( or qrcode, when you will be activate it).
A lot of exchanges don't allow such easy access, as a lot of wallet robberies are going on now. Hackers are logging in to email accounts which are linked to exchanges and are claiming that they have lost their 2FA.
The problem is some websites, such as BTC-e, don't have the proper procedures in place to reset 2FA, so if you lose your code you may not be able to regain access to your account.
One of my friends faced the same issue with BTC-e. But he was allowed to access his account in a few days time, after he was able to convince them that he was the rightful owner of the account. The problem with BTC-e is that their support staff speaks only Russian and it takes a lot of effort to communicate with them.
It was happened the same thing to me not on btc-e but on bittrex. I have recovered my iPhone and lost all the app (I didn't buckup anything). After I have contacted their support through email and they have asked me only the last activity of my account, finally in less than 48 hours my account was "unlocked" without the 2FA. So I raccomebd to all who are trading me, to save the code ( or qrcode, when you will be activate it).
The problem is some websites, such as BTC-e, don't have the proper procedures in place to reset 2FA, so if you lose your code you may not be able to regain access to your account.
One of my friends faced the same issue with BTC-e. But he was allowed to access his account in a few days time, after he was able to convince them that he was the rightful owner of the account. The problem with BTC-e is that their support staff speaks only Russian and it takes a lot of effort to communicate with them.
In my honest opinion the best 2FA option is the google authenticator app. It is easiest and free option, maybe they can allow to buckup our codes and send them to a personal email address.
This. In the past Google released an update for Google Authenticator that had a bug that accidentally deleted some users codes.
Google intentionally didn't put in a way to back up codes as their plan is that if you lose a code you need to verify yourself with the service and they give you a new code. The problem is some websites, such as BTC-e, don't have the proper procedures in place to reset 2FA, so if you lose your code you may not be able to regain access to your account. This is particularly bad for Bitcoin websites due to the fact the bitcoin community loves anonymity, as it is difficult to verify yourself when you are anonymous.
I personally think that the security that 2FA provides is significantly over-hyped. If the device you are logging in with is infected with viruses they can hijack your session when you login and have full access to the account. The only scenario 2FA protects against is if an attacker has obtained your password without compromising your PC, this usually means you've fallen victim to a phishing scam or you reuse passwords or have significantly weak passwords, a password manager such as LastPass or KeePass does a better job at protecting you from those threats than 2FA.
Expensive?
Can you please elaborate a little more?
Can you please elaborate a little more?
The Google Authenticator is a free application and requires no fee, while the other options such as Yubikey are expensive. Yubikey costs anywhere from $25 to $500. Check this for more details:
https://store.yubico.com/
Must be GA, I have used Authy in cryptsy exchange, but it is not cool as GA.
Reasons:
1. Google has the most advantage tech, I think it must be the safest 2FA.
2. GA is widely used in recent years, I even don't know other 2FA except authy.
3. I have used GA for 2 years, and no hackers, no stealing, it must be the best.
Reasons:
1. Google has the most advantage tech, I think it must be the safest 2FA.
2. GA is widely used in recent years, I even don't know other 2FA except authy.
3. I have used GA for 2 years, and no hackers, no stealing, it must be the best.
I couldn't vote because you don't have an option for LastPass with RSA SecurID.
None of the above.
I don't trust authenticator apps. My phone has repeatedly fucked up despite fiddling with the time sync. Every time I use it I fully expect to be locked out.
I'll go for one time codes written on paper.
I don't trust authenticator apps. My phone has repeatedly fucked up despite fiddling with the time sync. Every time I use it I fully expect to be locked out.
I'll go for one time codes written on paper.
I always take the time... to fucking disable those!!
Hate having my time wasted every time I log in for nazi control non-sense posing for my security.
Well, for you security and oral health, don't fucking bother me with BS.
I'm not a Bush made sheep who needs security at every corner of life, I can handle risk very well.
If I lose coin... well, I won't because I don't deal with exchanges and pools auto-payout.
If I do, it will be minimal and my own fault...
Leaving coin in an exchange or pool is like leaving a pan full of Gold out in the weather.
The End.
Hate having my time wasted every time I log in for nazi control non-sense posing for my security.
Well, for you security and oral health, don't fucking bother me with BS.
I'm not a Bush made sheep who needs security at every corner of life, I can handle risk very well.
If I lose coin... well, I won't because I don't deal with exchanges and pools auto-payout.
If I do, it will be minimal and my own fault...
Leaving coin in an exchange or pool is like leaving a pan full of Gold out in the weather.
The End.
Why are you so angry about a simple question all you needed to say was, (No i use none of them 2fa's as i disable them every time) Nice and easy but no you have to go all crazy on us lol just calm down and take a moment before posting in future.
Oh and why the need to disable, i have never had to disable it because if i didn't want it i would not enable you ya understand?
It takes a few seconds to type in some numbers shame you find it so difficult.
(op) I use and have voted Google it has been good to me so far so i won't be changing.
Cheers.
Expensive?
Can you please elaborate a little more?
Can you please elaborate a little more?
I have been using Google Authenticator for many years now. They are secure, reliable and cheap. The other options are not that easy to use, and most of them are very expensive.
I really like authy, it has never failed me, UI s much better then Google and their support s fast and responsive.
Besides these two, I have not tried the rest.
Besides these two, I have not tried the rest.
I use google authenticator since you can never go wrong trusting a big technology-invested corporation like them. The next best thing apart from GA is perhaps Authy since they also have the option to sync tokens on multiple devices together and it comes especially useful for people like me who uses tablets, pc and my mobile depending on my mood and location.
I always take the time... to fucking disable those!!
Hate having my time wasted every time I log in for nazi control non-sense posing for my security.
Well, for you security and oral health, don't fucking bother me with BS.
I'm not a Bush made sheep who needs security at every corner of life, I can handle risk very well.
If I lose coin... well, I won't because I don't deal with exchanges and pools auto-payout.
If I do, it will be minimal and my own fault...
Leaving coin in an exchange or pool is like leaving a pan full of Gold out in the weather.
The End.
Hate having my time wasted every time I log in for nazi control non-sense posing for my security.
Well, for you security and oral health, don't fucking bother me with BS.
I'm not a Bush made sheep who needs security at every corner of life, I can handle risk very well.
If I lose coin... well, I won't because I don't deal with exchanges and pools auto-payout.
If I do, it will be minimal and my own fault...
Leaving coin in an exchange or pool is like leaving a pan full of Gold out in the weather.
The End.
I use google authenticator and will continue doing so for as long as it is safe and as easy to use as it is, never needed support i save my key so if anything ever happens to my phone i can still get on the site to change the 2fa. Super quick and easy to use i have not needed to look else where because in my honest opinion it is the best and you shouldn't try fix something that isn't broke. #1
Authy is the best for me, don't have a problem with it so far.
i don't have android, so i use authy for pc, and so far so good.
is different authy and GA
i don't have android, so i use authy for pc, and so far so good.
is different authy and GA
I prefer Google authentication as I have tried it just once and even OTP received on a mobile number is safe as in the case of Xapo wallet. Both the methods are secure, easy and fast as well. I have heard about finger authentication and voice recognition methods as well but I have not seen any wallet using those methods which are much more reliable than Google and other authentication methods.
In my honest opinion the best 2FA option is the google authenticator app. It is easiest and free option, maybe they can allow to buckup our codes and send them to a personal email address.
Google authenticator works best imho but I have tried Authy too and find it to be working quite well, so those 2 would be my choices.
Google Authenticator is the only for me 2FA option i like to use, because GA is most advanced and secure one for use 2FA.
Obviously, closed source / closed protocol solutions shouldn't even be considered.
Clef may work conveniently in practice, however it's proprietary, commercial, and centralized, so NOPE.
Clef may work conveniently in practice, however it's proprietary, commercial, and centralized, so NOPE.
i only use google authenticator like most other people do. it's easy and makes hacking of accounts so much more difficult.
most of the other options in the pol are unknown to me.
most of the other options in the pol are unknown to me.
The poll is not about which is the best, but which is most known , actually.
this quite a simple question to answer, we all know that it is google auth, which is also the best
it's also the one that is more confortable to use
I just using Authy
I do not know which one is best
but I prefer Authy than others
I do not know which one is best
but I prefer Authy than others
The poll is not about which is the best, but which is most known , actually.
I only know about Yubi and Google Authenticator. I haven't used much 2FA solutions. Google Authenticator is free and does it's job pretty well. No complaints.
So many different 2fa options i must be living in the past because i have only heard and used Google Authenticator lol
Do these other 2factors charge because i might give a few of them a look and see what they offer but it is hard to get me to change something that has never had any issues.
I only know about Yubi and Google Authenticator. I haven't used much 2FA solutions. Google Authenticator is free and does it's job pretty well. No complaints.
I like authy and Google authenticator. I haven't heard of these other ones, but I will check them out!
Google Auth does it for me. Secure and simple. But I see Clef as a huge contender
Keep these things in mind when voting: Security, Ease-of-Use, Speed & Support
I don't think it can get much faster and easier than getting your phone out and typing a 6 digit code it gives you in to the box where it asks, i have never had a problem with google authenticator so no need for support thankfully & i have never tried anything else but that is quite a list. I vote for google 2fa.
It does actually get faster than typing in 6 digits. There's always room for improvements and some of these providers even offer fingerprint recognition as well as just waving your phone to log in to multiple sites.
Google authenticator is based on a standard called TOTP. Authy and others that are compatible with google authenticator operate according to that standard.
The best 2FA for crypto world is multisig.
The best 2FA for crypto world is multisig.
Looks like I'm on the only who likes Duo so far 
Keep these things in mind when voting: Security, Ease-of-Use, Speed & Support
I don't think it can get much faster and easier than getting your phone out and typing a 6 digit code it gives you in to the box where it asks, i have never had a problem with google authenticator so no need for support thankfully & i have never tried anything else but that is quite a list. I vote for google 2fa.
Isn't whatever Google Authenticator uses a standard? I have the Microsoft Authenticator and the keys for GA work just fine there.
Actually I've only heard of Google Authenticator, to be honest... What are the others, do they work similarly? Can you give a rundown on all the different services? Even though Google is often considered to be "evil" I do trust their implementations most when it comes to something like this.
Keep these things in mind when voting: Security, Ease-of-Use, Speed & Support
Jump to: