Are 2FA safe?

Nafti

Member
Joined
Nov 11, 2020
Topics
57
Posts
778
Likes
458
Interesting article below regarding 2FA.

https://www.cp24.com/mobile/news/ha...wMCyYHOtyt4IqpXPG_pQX3drtxok-d3-x7O2ZmOT5at0o

“ According to police, the victim had been targeted by a SIM swap attack, a method of manipulating cellular network carriers so scammers can intercept two-factor authentication requests.”

Could this happen if someone uses 2FA for their registrar account as well? Or anything else that you would use 2FA for.
 

MapleDots

Community Guide
Verified Member
Boardroom Access
Joined
Nov 4, 2020
Topics
699
Posts
2,809
Likes
2,391
Market
Joined
Jul 9, 2021
Topics
0
Posts
52
Likes
28
Yeah, this year I've been getting more into security with my ventures into crypto. Even updating my regular passwords.

You have the normal 2FA, then a step up is:

Authenticator apps. I use Authy, try to not use anything from Google as much as possible. Then another step up is

something like a Yubikey. I think the auth apps are fine.
 

FM

WHC.ca
Service Rep.
Verified Member
Boardroom Access
Joined
Nov 20, 2020
Topics
49
Posts
647
Likes
432
Nafti said:
Could this happen if someone uses 2FA for their registrar account as well? Or anything else that you would use 2FA for.

Yes, anything that uses SMS authentication is subject to a SIM-card swap, porting or forwarding attack.
 

FM

WHC.ca
Service Rep.
Verified Member
Boardroom Access
Joined
Nov 20, 2020
Topics
49
Posts
647
Likes
432
If using 2FA through an app, you should

1) Not store your backup codes along with your passwords.
2) Be careful when considering a 2FA backup to the cloud, like with Lastpass Authenticator

I'm planning on looking for a solution where I can store/encrypt the 2FA backup elsewhere than the authenticator app. But an encrypted backup someplace is not a bad idea.

It's a pain to reset 20+ 2FA codes for a lot of different sides when/if your phone breaks. Don't ask me how I know :D
 

Nafti

Member
Joined
Nov 11, 2020
Topics
57
Posts
778
Likes
458
FM said:
It's a pain to reset 20+ 2FA codes for a lot of different sides when/if your phone breaks. Don't ask me how I know

That’s my biggest fear! :lol:
 
Joined
Jul 9, 2021
Topics
0
Posts
52
Likes
28
As I mentioned, there is also YubiKey which is a step up from 2fa and auth apps. This is what Coinbase recommends.


Trade with peace of mind
Authenticator apps help protect your Coinbase account even if your phone number is ported.

Faster and easier than SMS
Authenticator apps are more reliable than SMS, and they work when you don’t have cell service.

Authenticator
Install an authenticator app on your phone

Security key
Use your security key device

----------
Security Key being YubiKey, you can get at Amazon
 

FM

WHC.ca
Service Rep.
Verified Member
Boardroom Access
Joined
Nov 20, 2020
Topics
49
Posts
647
Likes
432
Jonathan Hitchens said:
As I mentioned, there is also YubiKey which is a step up from 2fa and auth apps. This is what Coinbase recommends.

I've been using that for quite a while. I was introduced to that when fabulous.com introduced it at one point in 2007 or 2008 or so. I also had actual keyfobs for a while that would display the codes, for example from VeriSign.
 
Members who read this topic: 0
    Top Bottom