Jump to content

Saxtus

Members
  • Content Count

    1598
  • Joined

  • Last visited

Posts posted by Saxtus


  1. On 11/1/2020 at 12:55 PM, Mitne said:

    although from what I know 2FA change code after each failed verification

    2FA codes are time sensitive. As long as you enter the correct code within the time period, even if you entered wrong code before, it should work.

    I am not saying that measures against brute force shouldn't be taken by LO, just 2FA doesn't work that way.

    https://security.stackexchange.com/a/185917/66167

    On 11/1/2020 at 12:55 PM, Mitne said:

    I just can't figure out why 2FA isn't based on SMS too. That would be better verification method for me.

    I am against SMS 2FA or 2FA that use proprietary apps in general.

    SMS 2FA codes comes with other problems, like trouble with routing, making your code either arrive with big delay or never, essentially locking you out. Not to mention the SIM swapping threat (although this is mainly a targeted attack)

    In my opinion Google Authentication compatible 2FA codes are the best in this case.


  2. 7 minutes ago, Kevkof said:

    If you're saying to get another app, I'd rather just use a 2FA app like Authy which does have a backup option and even has a PC client available.

    That is exactly what I meant.

     

    I read that they fixed token time sync issues.

    Have they fixed the issue with requiring a new token when you switch characters too?

    • Like 1
×
×
  • Create New...