Page 1 of 2 12 LastLast
Results 1 to 20 of 25
  1. #1

    Two Factor Authentication

    For security I have 2 factor authorization at my bank. I like the concept. Except it takes what seems like forever to get the code. Trying to figure if the problem is the bank, the system sending the text, my computer or whatever and if there is anything I can do to speed it up. Of course I could turn off the 2 factor. The bank does net seem to have trusted computer option that would mean I could sign on from my computer and not have the 2 factor but would need it from any other device.

    Any advice?

    Thanks

  2. #2
    Join Date
    Feb 2007
    Location
    Washington, DC area
    For me, two factor goes on any accts that deal with financials, and any email account that may be used for resetting passwords. I'm looking forward to the day we no longer need the current password regimen. I guess our phones will be grafted onto us or Bill Gates nanobots will take care of it.

    Have you checked with their tech support? Is there a better phone app? Change banks?

    -jk

  3. #3
    Quote Originally Posted by SoCalDukeFan View Post
    For security I have 2 factor authorization at my bank. I like the concept. Except it takes what seems like forever to get the code. Trying to figure if the problem is the bank, the system sending the text, my computer or whatever and if there is anything I can do to speed it up. Of course I could turn off the 2 factor. The bank does net seem to have trusted computer option that would mean I could sign on from my computer and not have the 2 factor but would need it from any other device.

    Any advice?

    Thanks
    Most large financial companies use third parties to send those codes out. The product I worked on in the insurance space did this. The request to send the code left our app and went straight to their system. We matched the code on the backend. We had an open portal that basically just showed their system response times to the code requests. That way if anyone complained, our customer service reps could look at it near instantly and let our customers know if the issue was us via the third party or if the issue was their phone company. We had service level agreements built into our contract, so this was an important data point for us.

  4. #4
    For online trust access for me, the bank implemented 2 factor… using 3rd party. Took a few months to get all the bugs out. I had to be put on the conference call with the bank and 3rd party a few times and had them walk me through the steps, and me telling them what I see. Now, after everything is resolved… no problems at all… great response when logging in. Apparently might have been something to do with area codes… never got an answer.

  5. #5
    Does the bank offer any other options? SMS is the worst 2FA method. Among other issues, it is not secure. An authentication app or RSA key would be preferable especially because there are secure, the code expires every 30-60 seconds, and no waiting. You just read it off the device. Yubikey is another option but I know of only a handful of banks that use it for customer logins.

  6. #6
    Join Date
    Jan 2010
    Location
    Outside Philly
    I prefer 3 factor authentication and stereos that go to 11.

  7. #7
    Quote Originally Posted by Kdogg View Post
    Does the bank offer any other options? SMS is the worst 2FA method. Among other issues, it is not secure. An authentication app or RSA key would be preferable especially because there are secure, the code expires every 30-60 seconds, and no waiting. You just read it off the device. Yubikey is another option but I know of only a handful of banks that use it for customer logins.
    The bank I referred to uses an authentication app... so yes, the code changes every 30 seconds. But even with this authentication app, took a few months for them to work out the bugs. I don't know why they implied an area code issue... maybe I'm confusing the timing, as that may have been SMS before implementing the authentication app.

  8. #8
    Quote Originally Posted by bundabergdevil View Post
    I prefer 3 factor authentication and stereos that go to 11.
    I prefer Rottweilers and tube amplifiers.

  9. #9
    Quote Originally Posted by Kdogg View Post
    Does the bank offer any other options? SMS is the worst 2FA method. Among other issues, it is not secure. An authentication app or RSA key would be preferable especially because there are secure, the code expires every 30-60 seconds, and no waiting. You just read it off the device. Yubikey is another option but I know of only a handful of banks that use it for customer logins.
    If someone is trying to get into your account enough that they are able get tap into you SMS...give up, they are already in.

    There is "national security" secure and there is "casual thief" secure. All the average person needs is "casual thief" secure. Something that if your password is compromised, someone can't easily steal your account.

  10. #10
    Quote Originally Posted by PackMan97 View Post
    If someone is trying to get into your account enough that they are able get tap into you SMS...give up, they are already in.

    There is "national security" secure and there is "casual thief" secure. All the average person needs is "casual thief" secure. Something that if your password is compromised, someone can't easily steal your account.
    There is a third “organized crime” secure too. Spoofing/Phishing, SIM swapping, social engineering, RDP attacks are all not uncommon. They target SMS 2FA which is convenient but not secure. SMS as 2FA is not long for this world.

    From Microsoft (as one example)

    https://www.thurrott.com/cloud/243821/microsoft-stop-using-sms-for-mfa
    Last edited by Kdogg; 06-10-2022 at 10:33 AM.

  11. #11
    @DevilAlumna would be a great person to weigh in on this topic.

  12. #12
    Join Date
    Feb 2007
    Location
    Earth
    Quote Originally Posted by SoCalDukeFan View Post
    For security I have 2 factor authorization at my bank. I like the concept. Except it takes what seems like forever to get the code. Trying to figure if the problem is the bank, the system sending the text, my computer or whatever and if there is anything I can do to speed it up. Of course I could turn off the 2 factor. The bank does net seem to have trusted computer option that would mean I could sign on from my computer and not have the 2 factor but would need it from any other device.

    Any advice? Thanks
    Switch to paper. I'll be the last person on Earth to switch to online banking, go cashless, etc. It annoys everybody under 40, and I'm a few years away from 50.

    I have an involuntary requirement to use a Yubikey. It's annoying as it seems easy to lose. I wish I knew where the data goes. It doesn't work with a pencil eraser press.

  13. #13
    Join Date
    Nov 2007
    Location
    Raleigh, NC
    Quote Originally Posted by Kdogg View Post
    There is a third “organized crime” secure too. Spoofing/Phishing, SIM swapping, social engineering, RDP attacks are all not uncommon. They target SMS 2FA which is convenient but not secure. SMS as 2FA is not long for this world.

    From Microsoft (as one example)

    https://www.thurrott.com/cloud/243821/microsoft-stop-using-sms-for-mfa
    I mean, convenience/ease of use vs security is a classic tradeoff and the answer isn't necessarily always "maximum possible security". SMS TFA is better than nothing, good enough for a lot of applications, and people are more likely to use it than some of the more complicated options.

  14. #14
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    I have a Yubikey for my work computer, and we use Duo for MFA (which is pretty slick and can take advantage of the Yubikey but also had an option for secure push to my phone app if using another device).

    SMS is indeed not great, but definitely better than nothing. Still, it would be nice if my financial institutions all offered a secure 2FA option AND didn’t still allow (which you can’t disable) for weak/insecure options that defeat the entire purpose!

  15. #15
    Quote Originally Posted by snowdenscold View Post
    I have a Yubikey for my work computer, and we use Duo for MFA (which is pretty slick and can take advantage of the Yubikey but also had an option for secure push to my phone app if using another device).

    SMS is indeed not great, but definitely better than nothing. Still, it would be nice if my financial institutions all offered a secure 2FA option AND didn’t still allow (which you can’t disable) for weak/insecure options that defeat the entire purpose!
    2FA will be going biometric soon. Simple, secure, and easy.

  16. #16
    Join Date
    Feb 2007
    Location
    Earth
    Quote Originally Posted by fidel View Post
    2FA will be going biometric soon. Simple, secure, and easy.
    So what is the best way to destroy a Yubikey that collects biometric data?

  17. #17
    Quote Originally Posted by duke2x View Post
    So what is the best way to destroy a Yubikey that collects biometric data?
    Avada Kedavra? No idea.

  18. #18
    Join Date
    Feb 2007
    Location
    Washington, DC area
    Quote Originally Posted by duke2x View Post
    So what is the best way to destroy a Yubikey that collects biometric data?
    Sledge hammer? Microwave? (Might destroy the microwave, too.)

    -jk

  19. #19
    Quote Originally Posted by fidel View Post
    2FA will be going biometric soon. Simple, secure, and easy
    ... to steal.

    I'm not at all convinced biometric is a good idea. Seems to me that it's in effect a password you leave everywhere and can't change. Or if it does change (with aging, or injury) you get locked out.

    I'd get a Yubikey if it was adopted by more than just a couple important online places I frequent, and if those places didn't have fallback options that so easily bypass the extra security provided by the hardware token anyway. And as a consumer, I'd also like to see some real competition in that space - there's not much.

    IIRC there's an industry push to make your phone a hardware token.

    https://krebsonsecurity.com/2022/05/...our-passwords/

    As an option, that makes good sense. As a requirement, I would not be happy. Phones have to be kept charged, are more easily damaged, are much bulkier than hardware keys (which weigh almost nothing and you can put on a keychain), you can more easily have an effective backup hardware key in a safe deposit box or secured offsite, is it not a concern that phones (and their auth apps) are only protected by a PIN (i.e., extremely weak password), phones often have OS vulnerabilities, etc etc.

  20. #20
    Join Date
    Feb 2007
    Location
    Earth
    Quote Originally Posted by cspan37421 View Post
    ... to steal. I'm not at all convinced biometric is a good idea. Seems to me that it's in effect a password you leave everywhere and can't change. Or if it does change (with aging, or injury) you get locked out.
    You are correct. The only thing more sensitive than a fingerprint are the retinal eye scans you see in movies. Criminals will find a way a la Jurassic Park 1 to steal that data eventually and override 2FA. Phones are hot commodities unless you are Lord of the Flipphone.

    As an example, my first Duke card prominently had my SSN on the front with my picture. I had more than one midterm with the same on the front to make grade entry easier. (Aside-you've hit the jackpot beyond the easy A if you took Intro to Jazz and don't mind the prison time.) As noted above, I'm Jurassic compared to many of DBR denizens, but FDR didn't personally hand out my SS card.

Similar Threads

  1. Jersey Authentication
    By thedukeman in forum Off Topic
    Replies: 0
    Last Post: 04-08-2021, 05:49 PM
  2. Ultimate X-Factor: Marshall Plumlee
    By DavidBenAkiva in forum Elizabeth King Forum
    Replies: 66
    Last Post: 12-31-2014, 06:21 PM
  3. The Pride Factor??
    By BlueDevilCorvette! in forum Elizabeth King Forum
    Replies: 19
    Last Post: 01-19-2012, 12:55 PM
  4. The Karma Factor
    By tommy in forum Elizabeth King Forum
    Replies: 10
    Last Post: 03-26-2011, 11:08 AM
  5. Addition by Subtraction: the McRoberts factor
    By DukeCO2009 in forum Elizabeth King Forum
    Replies: 41
    Last Post: 11-11-2007, 05:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •