I agree, 2FA is a must. I recently started using the Google Authenticator and it's actually easier to use than getting a code by SMS, which can be hacked by social engineering access to your mobile phone account. However, I've heard some sites have a security flaw that allows hackers to bypass 2FA by using the password reset page. Someone with your user name and access to your email (many times your user name and email address are one and the same) can log in to a site by using the password reset feature, since many sites don't require 2FA for a password reset and log you in automatically after you reset the password. Best advice: don't keep coins/fiat on exchanges.
RE: Always Put 2FA on Your Exchange Accounts
Another reason to avoid SMS 2FA is the well-documented flaws in SS7 (Signaling System 7):
https://en.wikipedia.org/wiki/Signalling_System_No._7
Google Authenticator is hands down one of the best apps for 2FA.
I also read today that Apple users are being extorted even though they have 2FA set up on their accounts:
http://wccftech.com/apple-icloud-ransomware-campaign/
Great pointers, thanks.
That Apple story is amazing and another message to website and app designers that 2FA can't work if you don't require it at all times. Giving access to account maintenance and password changing without 2FA is stupid!
I work in computer security and have seen a couple of websites which require 2FA on the surface, but do not actually check for the token, or offer a 'remember me' option which bypasses the 2FA. Businesses are more worried about the user experience (usability) than making the applications secure. They miss the point that if you get hacked, people definitely won't be using the website...
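The two gaps raised in this thread (a password reset that skips 2FA and logs the user in, and a 'remember me' option that skips the code) closed on the server side. This is an added example, not code from any commenter or site; `Account`, `login`, `reset_password` and the in-memory plaintext password are hypothetical simplifications, and `DEMO_SECRET` is the public RFC 6238 test key.

```python
import base64, hashlib, hmac, struct

DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, not a real credential

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), the scheme authenticator apps implement."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    # Constructed in-memory model (assumption); a real site stores a salted password hash.
    def __init__(self, password, totp_secret):
        self.password, self.totp_secret = password, totp_secret

def _eq(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def second_factor_ok(account, code, now):
    # Accept the current and the previous time step to tolerate clock drift.
    return any(_eq(totp(account.totp_secret, now - d), code or "") for d in (0, 30))

def login(account, password, code, now, remember_me=False):
    """A session exists only when BOTH factors verify; remember_me never skips the code."""
    if not _eq(account.password, password) or not second_factor_ok(account, code, now):
        return None
    return {"authenticated": True, "long_lived": remember_me}

def reset_password(account, emailed_token_valid, new_password, code, now):
    """Reset needs the e-mailed token AND the TOTP code, and returns no session."""
    if not emailed_token_valid or not second_factor_ok(account, code, now):
        return False
    account.password = new_password
    return True  # caller sends the user to the normal login form
```
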
Yes. A false sense of security or a way to avoid blame when they are hacked. "We had 2FA."
Google Authenticator is not a good idea; if you lose your phone you will be in big trouble. Use Authy instead.