The importance of different passwords and two step verification

LuckyBenski said:
1% chance from a random guess is TERRIBLE security :eek:
Click to expand...
I explained it poorly - it's like the opposite of OCUK 2FA. You click login, and then the website gives you the code. You then enter that code into the 2FA app.

So unlike most 2fa where the app gives you the code to provide it to the website, it works in reverse.

I guess it's harder for folk to be engineered to enter a code into an app versus provide a code??
 
dLockers said:
I explained it poorly - it's like the opposite of OCUK 2FA. You click login, and then the website gives you the code. You then enter that code into the 2FA app.

So unlike most 2fa where the app gives you the code to provide it to the website, it works in reverse.

I guess it's harder for folk to be engineered to enter a code into an app versus provide a code??
Click to expand...
Well it puts the onus on definitely having access to the device so there's that. Can't read an SMS notification off of a lock screen or smartwatch etc.
 
LuckyBenski said:
Well it puts the onus on definitely having access to the device so there's that. Can't read an SMS notification off of a lock screen or smartwatch etc.
Click to expand...
I guess that has meant in turn they've reduced the length of the code from 6 digits to 2.
 
I'm currently upping my security. Trying to get things important on 2fa. Thinking of disabling anything with 2fa text. And getting a couple of security keys incase I lose access I should always have some way to get it. Seeing this thread and knowing the potential hassle it could cause has opened my eyes a bit
My microsoft logins I've removed the passwords too
 
Last edited:
Why remove passwords? Just enable 2FA, it's as simple as that.

The password can simply be 3 unrelated words and nothing else, it will be just as secure as a complex password.

www.ncsc.gov.uk

The logic behind three random words

Whilst not a password panacea, using 'three random words' is still better than enforcing arbitrary complexity requirements.
www.ncsc.gov.uk www.ncsc.gov.uk

I have 30+ 2FA accounts set up in the MS Authenticator app, works just perfectly.
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom