Jump to content

2 Step Authentication?

Creallie

By Creallie,
in General Discussion Forum

 Share
You are about to reply to a thread that has been inactive for 2218 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Pamela Galli

Pamela Galli

Posted
Posted

Creallie wrote:

Mandatory, not as in the user should be forced to use it, but the company should be forced to provide it. I was about to spend cash here until I figured it it didn't exist now I'm totally out.

Yes I understan you think LL should be forced to provide it, but what entity or agency do you think has the authority to force a business to use two factor authentication?

Link to comment
Share on other sites
Chaser Zaks

Chaser Zaks

Posted
Posted

LL already has 2-step authentication on their to-do list, but they want to make sure they choose a good 2-step authentication protocol/method/service, it works flawlessly so it doesn't suddenly break(I.E: protentially locking people out of their accounts).

See

As for forcing companies to require 2-step authentication, I am highly against it. No one should have the authority to tell a company how to control their website.

Link to comment
Share on other sites
Sassy Romano

Sassy Romano

Posted
Posted

Chaser Zaks wrote:

 

As for forcing companies to require 2-step authentication, I am 
highly
against it. No one should have the authority to tell a company how to control their website.

Well that already happens all the time and it's a good thing that companies are called into compliance.

https://www.pcicomplianceguide.org/pci-faqs-2/

Not specifically around this one issue but in terms of tell a company how it must handle cards for example.  The OP is spot on, not necessarily 2-step, could be 2-factor or as appropriate but for those of us who expect better, much stronger authentication than username/passphrase is a must for a sensible starting point for authentication and subsequent signing of transactions on a site where people are transacting sums of money that constitute their RL income.

Link to comment
Share on other sites
  • 2 years later...
Gylia Moonites

Gylia Moonites

Posted
Posted (edited)

I think a lot are not aware of how the 2FA works today. Unlike a 2nd set of password some MMO games provided back in the stone ages.
Now 2FA users don't even know the password themselves until they checked on the app on their phone.
These passwords changed every minute making it "near" impossible to hack by average hackers or someone that happened to guessed your account password. And as the 2FA setup goes... only the simplest minded people in existence will go through all the troubles just to find the infos used to provide the 2FA generator for a phishing scam. So yes, 2FA is certainly far far better than SL current password system. A FEW TIMES better in fact.
The down fall being that google wasn't able to provide a "saving" method of the 2FA account due to security reason, making it not only hard to breach but a pain for anyone who lost their 2FA device. This means you are locked out from your own account if you lost your phone. But on the other hand, other Authenticator provides a "cloud saving" method so no matter where or on which phone you use, you still gain access to your 2FA informations. Less secured but it works.

Edited by Gylia Moonites
Link to comment
Share on other sites
Richardus Raymaker

Richardus Raymaker

Posted
Posted

2FA is a big anoyi g implementation and make thi gs not really saver.

If you think E-mail is save that you use for 2FA. nope.

The big problem is the user that use weak passwords. Click on wrong links. Use build in webbrowsers. Webbrowsers that hide default parts of the url.

 

2FA is just hell, to frudtrate the user. Glad i do not have a smartphone.

And this fkrum still frustrating to because the implemented the enter key wro g.

 

 

  • Haha 1
Link to comment
Share on other sites
Love Zhaoying

Love Zhaoying

Posted
Posted
29 minutes ago, Richardus Raymaker said:

2FA is a big anoyi g implementation and make thi gs not really saver.

If you think E-mail is save that you use for 2FA. nope.

The big problem is the user that use weak passwords. Click on wrong links. Use build in webbrowsers. Webbrowsers that hide default parts of the url.

 

2FA is just hell, to frudtrate the user. Glad i do not have a smartphone.

And this fkrum still frustrating to because the implemented the enter key wro g.

 

 

Noe iz toe tally save! Unlass sum1 steel yer fone

  • Haha 2
Link to comment
Share on other sites
Blush Bravin

Blush Bravin

Posted
Posted

Personally, I'm not a fan of two-step authentication. I think it's annoying. I'd rather use strong passwords and change those passwords often. I've seen lots of people get their accounts ripped but it happened because they clicked on phishing links. I may be sitting here with my head in the sand, but I just don't like the hassle of using two-step authentication.

  • Like 2
Link to comment
Share on other sites
Gabriele Graves

Gabriele Graves

Posted
Posted (edited)

Security is a continuum with secure, hard, annoying at one end and insecure, easy, convenient at the other.
In my opinion, everyone should be allowed to choose where they want to be on the continuum as long as they are prepared to deal with the consequences.

Edited by Gabriele Graves
added missing 'they'
  • Like 3
Link to comment
Share on other sites
Chaser Zaks

Chaser Zaks

Posted
Posted (edited)

As someone who actively advocates and encourages two factor authentication, I would like to point out the following:

  • Two factor authentication is optional. No one is required to use it, but it provide extra layer of security for those who do want to use it.
  • Two factor authentication, when programmed right, isn't always needed to be entered. Take Guild Wars 2 for example, I have 2FA set up on it, but it rarely asks for authentication because it has fingerprinted my device on what is normal. (Hense, three modes: No 2FA, Light 2FA(Fingerprinting), Strict 2FA(Always ask)).
  • Two factor authentication is actually a lot easier than people make it out to be, you install a app(such as Google Authenticator), scan a QR code, and voila 2FA is set up!
  • Number based 2FA isn't the only option. There is a physical 2FA that you plug into your computer and it does the authentication for you.
  • You can also use SMS should you choose.
Edited by Chaser Zaks
  • Like 1
Link to comment
Share on other sites
Alyona Su

Alyona Su

Posted
Posted
50 minutes ago, Blaise Glendevon said:

2 Step Authentication would irritate the living daylights out of me even more, though. Who has time?

I concur.

The office I work for uses LastPass exclusively, at home I use Bit Warden, which I like better. Then there are others like 1Password and such. These are really the best answer when used with a truly secure password like "ygW9lT$#0oGF^9*!yz". But even if you don't want to use one of those, a longer password works great, like "ducks.are.yellow.or.green.but.usually.white" is better than "passworD123" :)

Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 2218 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...