Microsoft: 99.9% of compromised accounts did not use multi-factor
-
It's also handy to have a 2FA app like Authy that has a desktop app as well as mobile and syncs across multiple devices, so you don't have to hunt to find your phone when a code is required.
-
-
![]()
If you are not using 2FA, you are at a much greater risk. You should be using it on every account where it is offered.
I suggest something like google authenticator over text message two factor authentication whenever possible. (2fa)
Having a code sent to your email is not two factor.
I am very surprised people on this site are not recognizing the importance of it. Anyone refusing to use 2fa is part of the problem in decreased security. Especially those using weak passwords. There are password managers and two factor which greatly increase security and it's not inconvenient at all. You can set your own personal devices to not ever ask if you don't want to be bothered. What I do, is I remember only the passwords for the important stuff, and save all the passwords for the things that don't really matter. I also have two factor on for everything important.
While companies can/should do a lot on there end and should do more to secure peoples accounts, (not storing things in plain text for example) It is also the user's responsibility to secure there end as much as reasonably possible.
Remember that "hacks" are not always the companies fault. Most intrusions are caused by the user having a poor password, or there machine is infected. It is usually not the companies fault in intrusions. Most "hacks" reported by the media are not actual hacking, but rather guessing of passwords, or social engineering/scamming others. This is my number 1 pet peeve of the media. They do not label these correctly and make the company look bad for no reason.
This is why two factor is important. It is something you know (your password) and something you have (two factor code on phone).
I honestly think two factor should be mandatory for all important accounts such as banks etc.
-
What I have been nagging friends, family, and strangers in coffee shops with is the concept that anything that is offered to you online that makes logging into a secure website "faster and more convenient!" is a bad idea. What makes it easy for you makes it easy for "them".
So, use 2FA? YES - always.
Do you want us to recognize you on this PC? - NO!
Do you want us to save your username? - NO!
Do want us to save your credit card number? - NO! (someone tell Amazon)
-
![]()
I avoid 2FA as a plague, it is up to the provider to secure his server and not to store passwords in plain text and such. Paypal for example allows to use only 20 characters long password, that can be easily breached within days and I can use 200 characters long password on a forum? Unbelievable. But of course that they blame users, it is easier.
Incredible and unbelievable!
Comparing 2FA to a plague just shows that you do not care if your accounts will be hacked. The difference between us is, that I could give you my PayPal password, but you would not get in to my PayPal account because I use 2FA. If I had your password, I would come in.
In my opinion, it is irresponsible to post something like that, to encourage people to not protect their accounts. If negative rep were possible, you would have got some from me now.
It doesn't quite work like that - each character has to be tested separately. There is no feasible way you can guess something like this in one go : ?Uj7%MfU<8X+vGFB+2Q
Precisely!
Hi folks
Banks and other financial institutions send you a code to another device e.g a phone to complete login process.
Since September 2019, European Union regulation requires all banks and financial institutions to use 2FA. Without it, you cannot login to online banking and such.
The "resistance" I had to 2FA is the inconvenience of having to read an email or text to receive the 2FA code to complete the sign in process.
That's of course up to each user. Would I like to have my PayPal and bank accounts being safe, or unsafe and easier to use.
Kari
-
-
If you are not using 2FA, you are at a much greater risk. You should be using it on every account where it is offered.
I suggest something like google authenticator over text message two factor authentication whenever possible. (2fa)
Having a code sent to your email is not two factor.
Good advice on authenticator apps instead of plaintext SMS. However, be aware that the Google Authenticator has had issues in the past:
Still using Google Authenticator? Here's why you should get rid of it today | ZDNet
You are better off with authenticators such as Authy or Duo.
-
You are better off with authenticators such as Authy or Duo.
I can recommend Microsoft Authenticator. I use it mainly on my phone, but also on an Android virtual machine. Works with any service, including Google accounts.
Kari
-
![]()
Kari said:
I can recommend
Kari said:
Microsoft Authenticator. I use it mainly on my phone, but also on an Android virtual machine. Works with any service, including Google accounts.
Kari
Authy and Duo and microsoft authenticator and googles are still vulnerable to the same flaws though. The screen reading one is still possible for any. The thing is, there is no perfect security. If your directly targeted nothing will stop it. Authy adds convenience by syncing the codes to other devices which causes more room for possible breaches.
Any 2fa app is pretty much as secure as any other. They all have flaws. If you are a regular less tech savvy user, I would advise authy or microsoft's authenticator over google authentication because the sync feature is good for people who don't follow instructions to download and save there backup codes in the event of the phone breaking. Microsoft's actually would probably be more trustworthy sync app vs authy now that I think about it. And it is still more secure then having nothing at all.
Also, I don't want an app that holds the data in a server somewhere. That defeats the purpose of a 2fa app in my opinion. Googles is strictly offline. For me, the downsides are actually the advantages. Android's secure containers are being more improved, which should prevent other apps from interacting with 2fa apps. However, the screen reader issue is difficult to resolve.
The constant problem with security is making the security as convenient as possible, while still making it hard to attack. And for every convenience, there is a new loop hole.
Having said that, using 2fa is better than a password, and should be used. Anything that makes it harder for someone to get into your account will increase the chance of someone going after someone else who is an easier target.
Don't make yourself an easy target.
-
-
Let me fix that for you ...
PayPal also allows (suggests) 2FA.
The "resistance" I had to 2FA is the inconvenience of having to read an email or text to receive the 2FA code to complete the sign in process.
That's of course up to each user. Would I like to have my PayPal and bank accounts being safe, or unsafe and easier to use.
What I really said ....
PayPal also allows (suggests) 2FA.
The "resistance" I had to 2FA is the inconvenience of having to read an email or text to receive the 2FA code to complete the sign in process. At first I turned 2FA off after setting it up, but the world we live in today has made me embrace it. As annoying as it is, it at least adds a another layer of protection.
Thanks 
BTW I also use the Microsoft Authenticator app.
-
-
"Hacks don't happen on peoples computers"
That is a way too generic (and wrong) affirmation...
Quote
