Are 2FA safe? (1 Viewing)

Nafti

Member
Joined
Nov 11, 2020
Topics
78
Posts
1,101
Likes
748
Country flag
Interesting article below regarding 2FA.

https://www.cp24.com/mobile/news/ha...wMCyYHOtyt4IqpXPG_pQX3drtxok-d3-x7O2ZmOT5at0o

“ According to police, the victim had been targeted by a SIM swap attack, a method of manipulating cellular network carriers so scammers can intercept two-factor authentication requests.”

Could this happen if someone uses 2FA for their registrar account as well? Or anything else that you would use 2FA for.
 
Yeah, this year I've been getting more into security with my ventures into crypto. Even updating my regular passwords.

You have the normal 2FA, then a step up is:

Authenticator apps. I use Authy, try to not use anything from Google as much as possible. Then another step up is

something like a Yubikey. I think the auth apps are fine.
 
Nafti said:
Could this happen if someone uses 2FA for their registrar account as well? Or anything else that you would use 2FA for.

Yes, anything that uses SMS authentication is subject to a SIM-card swap, porting or forwarding attack.
 
If using 2FA through an app, you should

1) Not store your backup codes along with your passwords.
2) Be careful when considering a 2FA backup to the cloud, like with Lastpass Authenticator

I'm planning on looking for a solution where I can store/encrypt the 2FA backup elsewhere than the authenticator app. But an encrypted backup someplace is not a bad idea.

It's a pain to reset 20+ 2FA codes for a lot of different sides when/if your phone breaks. Don't ask me how I know :D
 
FM said:
It's a pain to reset 20+ 2FA codes for a lot of different sides when/if your phone breaks. Don't ask me how I know

That’s my biggest fear! :lol:
 
As I mentioned, there is also YubiKey which is a step up from 2fa and auth apps. This is what Coinbase recommends.


Trade with peace of mind
Authenticator apps help protect your Coinbase account even if your phone number is ported.

Faster and easier than SMS
Authenticator apps are more reliable than SMS, and they work when you don’t have cell service.

Authenticator
Install an authenticator app on your phone

Security key
Use your security key device

----------
Security Key being YubiKey, you can get at Amazon
 
Jonathan Hitchens said:
As I mentioned, there is also YubiKey which is a step up from 2fa and auth apps. This is what Coinbase recommends.

I've been using that for quite a while. I was introduced to that when fabulous.com introduced it at one point in 2007 or 2008 or so. I also had actual keyfobs for a while that would display the codes, for example from VeriSign.
 

Sponsors who contribute to keep dn.ca free for everyone.

Sponsors who contribute to keep dn.ca free.

Members who recently read this topic: 2

Back