Hate 2-FA. Requiring it when I have no cell service means I can't use the phone for Email or anything else, because God-flipping-forbid I want to look at Accuweather or my calendar without someone sending me a text first.
2-FA is slated to be replaced by a new logon standard called passkeys. We should start to see initial implementation later this year during the autumn months.
Rob Braxmann can explain the technical aspects much better than I can.
I watched the first quarter of it, and will probably revisit it in a few days.
The gist I got was that it is a serious privacy threat, and only offers advantage to those who cannot otherwise manage their own password lists.
The only thing I would add to the gist as you stated it is the following: big tech like Google and Facebook loves 2FA because it enables them to harvest the contact lists of users. This means that identifiable data of non-users is introduced into those ecosystems despite any efforts of the non-users to keep their own data out of said ecosystems.
While institutions such as online banks and brokerages may use 2FA for legitimate security measures, the ad-supported big tech companies use it for nefarious purposes to extend their data collection beyond their own user bases.
uh... Passkey isn't replacing 2FA. Passkey IS 2FA.... or more accurately, MFA.
Passkey, Yubico, and SMS validation (and various other methods) are all multi-factor authentication solutions.
They simply differ in how the authentication is implemented.
Passkey simply utilizes PKI as opposed to the traditional (or any type of) passwords. The service you're trying to use simply authenticates you by creating a challenge using your public-key that you need to respond to using your private key.
Of course, all of this hinges on keeping that private key... private. But, aside from that it's pretty damn secure. There's essentially no passwords to intercept or steal... so no weak or reused passwords. And since it's essentially automatic outside of a biometric to allow your private key to be used, there's no fumbling with a 2nd device, etc.
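The challenge-response described in the post above, as an added example that is not part of the original thread: the server issues a fresh random challenge, the device signs it with the private key, and the server checks the signature against the stored public key. This is a simplified sketch, not full WebAuthn (which signs authenticator data plus a hash of client data containing the challenge and origin); the function names and the example origins are assumptions made for illustration.

```javascript
// Added illustration (hypothetical names): passkey-style challenge-response.
const nodeCrypto = require('node:crypto');

// Registration: the device creates a key pair for one site.
// Only the public key is sent to the server; the private key stays on the device.
function registerPasskey(origin) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
  return { device: { privateKey }, serverRecord: { origin, publicKey } };
}

// Server: a new unpredictable challenge for every login attempt.
function newChallenge() {
  return nodeCrypto.randomBytes(32);
}

// The signed payload binds the challenge to the origin the browser reports.
function payload(origin, challenge) {
  return Buffer.concat([Buffer.from(origin, 'utf8'), Buffer.from([0]), challenge]);
}

// Device: sign the challenge for the origin it is actually talking to.
function signAssertion(device, challenge, origin) {
  return nodeCrypto.sign('sha256', payload(origin, challenge), device.privateKey);
}

// Server: verify against its own origin and the challenge it issued.
function verifyAssertion(serverRecord, challenge, signature) {
  return nodeCrypto.verify('sha256', payload(serverRecord.origin, challenge),
                           serverRecord.publicKey, signature);
}

function demo() {
  const site = 'https://bank.example';             // constructed sample origin
  const { device, serverRecord } = registerPasskey(site);
  const challenge = newChallenge();
  const sig = signAssertion(device, challenge, site);
  return {
    ok: verifyAssertion(serverRecord, challenge, sig),
    // A captured signature is useless against the next login's challenge.
    replay: verifyAssertion(serverRecord, newChallenge(), sig),
    // A signature produced for a look-alike origin does not verify at the real site.
    lookalike: verifyAssertion(serverRecord, challenge,
      signAssertion(device, challenge, 'https://bank.example.login.test')),
  };
}

console.log(demo()); // { ok: true, replay: false, lookalike: false }
```

Nothing reusable crosses the wire: the server stores only a public key, and each signature is valid for one challenge at one origin.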
Hate 2-FA. Requiring it when I have no cell service means I can't use the phone for Email or anything else, because God-flipping-forbid I want to look at Accuweather or my calendar without someone sending me a text first.
This is incorrect. You have it backwards. With the authenticator you DON'T need cell service, only internet.
Using text (SMS) codes is when you need cell service.
Hate 2-FA. Requiring it when I have no cell service means I can't use the phone for Email or anything else, because God-flipping-forbid I want to look at Accuweather or my calendar without someone sending me a text first.
Right. Because most of us deal with not having cell service all the time. And Accuweather is not using 2FA. LOL Funny though.
Quote:
Originally Posted by AtkinsonDan
The only thing I would add to the gist as you stated it is the following: big tech like Google and Facebook loves 2FA because it enables them to harvest the contact lists of users. This means that identifiable data of non-users is introduced into those ecosystems despite any efforts of the non-users to keep their own data out of said ecosystems.
That's absolutely paranoid BS.
Quote:
Originally Posted by TRex2
I don't like 2fa for a number of reasons.
Most of which have already been mentioned.
Because you're afraid Google is going to "harvest your number..." Right? Now, like I said, that's BS. If any of these big companies really wanted your phone number, they'd get it. None of the big tech companies are selling your phone number or even keeping it for themselves. Phone numbers? They don't even care about phone numbers these days. No one TALKS ON THE PHONE anymore. They surely aren't answering phone calls from people they don't know. Phone numbers are about the least useful thing for companies to use today.
Paranoid BS.
But here's the thing: this is exactly a reason that you should use an authentication app then. It works WITHOUT YOUR PHONE NUMBER. It works WITHOUT YOUR EMAIL ADDRESS. It works 100% WITHOUT ANY PII (Personal Identifiable Information).
Absolute madness that people are anti auth apps...
Here's an authentication app from one of the front runners in password reminder apps.
Does it all, encrypted, open source. The current password manager darling. Remembers passwords securely for you and includes an authenticator. Best of both worlds. If you really want to secure your online life, you should be using authentication on every account that you want to secure.
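How an authenticator app produces its codes, as an added example that is not part of the original thread and relates to the two posts above about authenticator apps needing no cell service and no phone number. It implements the TOTP algorithm from RFC 6238 (HMAC-SHA1, 30-second steps): the code is computed from a secret shared at enrolment and the device clock, with no SMS involved. The function names are assumptions, and the secret is the published RFC test secret, not a real one.

```javascript
// Added illustration (hypothetical names): RFC 6238 TOTP, generator and verifier.
const nodeCrypto = require('node:crypto');

// Enrolment QR codes carry the shared secret as RFC 4648 base32.
function base32Decode(text) {
  const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
  const out = [];
  let bits = 0, value = 0;
  for (const ch of text.replace(/=+$/, '').toUpperCase()) {
    const idx = alphabet.indexOf(ch);
    if (idx < 0) throw new Error('invalid base32 character');
    value = ((value << 5) | idx) & 0xfff;
    bits += 5;
    if (bits >= 8) { out.push((value >>> (bits - 8)) & 0xff); bits -= 8; }
  }
  return Buffer.from(out);
}

// RFC 4226 HOTP: HMAC the 8-byte counter, then dynamic truncation.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = nodeCrypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(code % 10 ** digits).padStart(digits, '0');
}

// TOTP: the counter is the number of time steps since the Unix epoch.
function totp(secret, unixSeconds, step = 30, digits = 6) {
  return hotp(secret, Math.floor(unixSeconds / step), digits);
}

// Server side: tolerate +/- `window` steps of clock drift, compare in constant time.
function verifyTotp(secret, submitted, unixSeconds, window = 1, step = 30) {
  const given = Buffer.from(String(submitted));
  for (let w = -window; w <= window; w++) {
    const expected = Buffer.from(totp(secret, unixSeconds + w * step, step));
    if (given.length === expected.length &&
        nodeCrypto.timingSafeEqual(given, expected)) return true;
  }
  return false;
}

// RFC 6238 test secret ("12345678901234567890"), base32-encoded as an app would receive it.
const RFC_SECRET = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
console.log(totp(RFC_SECRET, 59, 30, 8)); // RFC 6238 vector: 94287082
```

Both sides only need the same secret and roughly the same clock, which is why the code still works in airplane mode and why the verifier accepts a small drift window.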
As usual, you are about half right. Google (aka "Big Sister") already has my number, but I have evidence that "little sister" did sell my number to someone, when 2fa first became a thing, because, as I adopted it, I got a flood of spam calls and texts to my (flip style) cell phone, which wasn't connected to my real name, at the time. They eventually faded out.
I am still learning about these "authentication apps," which is why I said I would look at the rest of the video, later. I think the tech could work in our favor, if Big Brother and Big Sister don't collude to make it work against us. (You are probably too young to remember the PGP 2.0 and Clipper Chip wars. I was actually a part of those wars. (Hence, some of my paranoia.) )
I watched the first quarter of it, and will probably revisit it in a few days.
The gist I got was that it is a serious privacy threat, and only offers advantage to those who cannot otherwise manage their own password lists.
Well, I did go back and review this video, and have to admit my first impression was wrong.
From the video, it appears that the new system neither improves, nor worsens, the privacy situation, but it appears to be a plus for security. (In case someone reading this is not aware, the two are not the same.)
In other words, it improves security, without a loss of privacy.
Quote:
Originally Posted by macroy
uh... Passkey isn't replacing 2FA. Passkey IS 2FA.... or more accurately, MFA.
Passkey, Yubico, and SMS validation (and various other methods) are all multi-factor authentication solutions.
They simply differ in how the authentication is implemented.
...
I would like to study this more.
Does anyone have a pointer to a semi-technical discussion on Passkey and Yubico?
Maybe FIDO alliance is a good place to start? They essentially set the standard where most of these strong authentication mechanisms are based on.