Author Topic: 2FA Weakness  (Read 12195 times)

ergophobe

Re: 2FA Weakness
« Reply #15 on: August 22, 2018, 03:08:14 PM »
Do they even have a free version?

Free for up to 10 users and without advanced features
https://duo.com/pricing

bill

Re: 2FA Weakness
« Reply #16 on: August 29, 2018, 01:56:50 AM »
Hmm. They were acquired by Cisco, and to get the 'free' version you have to provide them with a ton of private information so that you can run thru the 30 trial of the more advanced feature set...before it will revert to the simpler free version.

Might look into OpenOTP or other open source alternatives before I would go with Duo as there's no syncing feature on any of them that I can see.

ukgimp

Re: 2FA Weakness
« Reply #17 on: August 29, 2018, 08:55:22 AM »
Surely the syncing is where the risk comes in.

bill

Re: 2FA Weakness
« Reply #18 on: August 30, 2018, 12:50:56 AM »
Yeah. That's probably the best feature and its Achilles heel.

Not being able to transfer 2FA tokens between devices certainly improves security, but setting up 100 or so accounts on multiple devices is unwieldy. Probably best to separate critical 2FA from my Authy profile and return to the more secure clients for those.

rcjordan

Re: 2FA Weakness
« Reply #19 on: August 31, 2018, 01:06:43 AM »
Big G pushing these:

Protect your online accounts with Titan Security Keys

https://www.blog.google/technology/safety-security/protect-your-online-accounts-titan-security-keys/

gm66

Re: 2FA Weakness
« Reply #20 on: October 01, 2018, 05:02:23 PM »
Don't trust anything invented by Kim Dotcom ;+}

Strong passwords for the win!
Civilisation is a race between disaster and education ...

ergophobe

Re: 2FA Weakness
« Reply #21 on: October 01, 2018, 06:05:44 PM »
Big G pushing these:
Protect your online accounts with Titan Security Keys

Did we already mention here that Google now requires these of their employees? All work computers require a physical fob and they say it has brought the number of compromised accounts close to zero.

I don't doubt it. With every security measure, it's a convenience/security tradeoff. Everyone has to find their comfort level.

rcjordan

Re: 2FA Weakness
« Reply #22 on: January 11, 2019, 04:25:18 PM »
Worth a read about how the exploit works

2FA codes can be phished by new pentest tool – Naked Security

https://nakedsecurity.sophos.com/2019/01/11/2fa-codes-can-be-phished-by-new-pentest-tool/