>You write something about 2 factor authentication. Those would let you get back into your account if you lose your security keys. Some systems provide you with "recovery codes" that you can download, print out, and store in a safe or something. If that happens, you may be permanently locked out of your accounts. The risk with 2FA is that if you use an app like Google Authenticator, then if your phone gets destroyed or stolen you can lose access to your 2FA keys. It has cloud backup options so I don't lose my security keys in case my phone gets destroyed. I personally use Authy on my phone for 2FA.
#Wildstar 2 step verification lost code code#
That's 2FA, albeit a very bad implementation of it.Ī good 2FA implementation will usually involve a rotating security code that you obtain via an app on your phone or a physical keyfob. You've probably had banks or other services try to e-mail you or send you a text message with a code you have to also type in.
#Wildstar 2 step verification lost code password#
When you log in to a service with 2FA enabled, you have to provide your password and a security code. So you need to decrypt the tokens even after downloading them (even if a hacker get past #2)ĢFA stands for two-factor authentication. In addition to #2, because its client side decrypted, your tokens are encrypted by a password that only you know per #1. You need to confirm via SMS AND e-mail in the event you lose your phone. I'm willing to bet 99% of average users don't even care about this anyway, but the fact they're willing to push that they do this is cool. Sure it's closed source, but like LastPass, they have reiterated their commitment to security. Here are some features I find that make it very secure: I find it extremely useful where I dont have to worry about losing my phone.
The fact that Google offers to save your passwords in Chrome, means that it wouldn't be a total security failure to add a backup for Authenticator keys. It's always been about providing a balance between user friendliness and security. Furthermore, Google has never been about maximizing user security to the point you can be Edwards Snowden and feel comfortable with their services. While a cloud backup isn't the most secure for most users, in general backing up TOTP tokens IMO is far safer than having an SMS fallback given the vulnerabilities with SMS (i.e. In the Bitcoin world for instance, if you lose your 2FA tokens, you're SOL for security reasons. Many international sites won't have SMS backup either. Regarding backup codes, that's specific to Google logins, and not every site has this. Now before you mention that there are backup codes and cloud backups are insecure, let me address the following. I really wish Google added a way to backup the tokens via cloud.
0 kommentar(er)
