Today's post

There were a couple comments about 2 factor authentication (2FA) yesterday.

It's good, it's important, turn it on, *especially* for your email, banking, & CC sites.

In order of security, the three main types are:
SMS based - the site sends you a code you have to type in. This has been broken in the real world.
App Based - like Google authenticator or Authy - these have constantly changing codes.
Fob Based - there's a hardware token required for access

1/2

The reason these are so important is because, in theory, you, and only you, have access to the code needed to complete the login.

Google has a high-profile case for forcing 2FA on its employees. No account compromises have occurred after they implemented that rule.

It's not a panacea, by any means, but it's a huge step in the right direction for a small speedbump in the login process.

@0x56
Does Google use their own public authenticator app, or something internal-only?

@Dobo - I can't say for certain, but the timing of all these stories was just about the same time that Google announced they'd be selling their own key fob. Which leads me to think that they dogfooded the fob.

cnbc.com/2018/07/25/google-to-

@0x56

Sounds likely.

The fob isn't going to work with my nifty Google phone, though. Unless I also carry around a USB C adapter.

Note to self: get a man purse.

@Dobo - yubikey offers an NFC one that you might be able to use. I haven't used it, so I can't recommend it personally, I can just recommend looking into it.

@0x56

Let's get one for Trump to use with his new soccer ball!

@0x56

Whoa, wait for it, I have a new rumor to start: the soccer ball *is* an NFC authenticator so Trump can prove his identity in back channel communications with his Russian handlers! 😎 🤔

@0x56 @Dobo yeah, I've been wondering how much extra security I'd get out of that yubikey thing. I do like being secure, but $50 is too much for something I'd only be able to use with (I think) gmail & github. I have not heard an argument for why it's better than an authenticator app on my phone...

@rpardee @Dobo - TBH, I can foresee an attack where the authenticator seed was somehow predicted, then a clone app could be used without your knowledge... but on the other hand, your phone is probably secured by a passkey/biometrics and the yubikey I don't think is.

@0x56 @Dobo Oh, I guess you're right. I was thinking the fancy one (yubikey neo) w/NFC had a fingerprint reader, but looking again maybe not.

@rpardee @Dobo - my assumption on that was that it was an activation button.

@0x56 @Dobo @rpardee

hmmmmm...I also assumed it was a fingerprint reader...now I'm even less inclined to fork over for it...
