Authentication methods

[Geffers]

I was recently forced into using an authenticator app so thought I'd give it a go with another web page I use. As I reached the end of the easy procedure I was then advised to download and keep (And secured with yet another password) around 12 hexadecimal numbers sequences to recover my account if I lose my phone (and the app). Warning if I lose the phone and don't have recovery codes the account may be lost. I decided to abort and go back to my normal password and text message to phone, which is 2FA.

This is becoming so complicated many are going to have issues in the future. Plus of course the software writers then decide not to update the app and one has to buy a new phone.

Geffers

 

[Retro]

Oh yeah, 2FA makes it super easy to lock yourself out of your account permanently in a catch-22 situation. It's the biggest reason I don't like it.

 

[Geffers]

Oh yeah, 2FA makes it super easy to lock yourself out of your account permanently in a catch-22 situation. It's the biggest reason I don't like it.

What is the alternative though? Online hacking is becoming a thing now. I generally check the padlock item if any financial transactions are to take place, With banks generally look at the certificate, maybe paranoia but only takes moments.

Geffers

 

[Retro]

Well, security is inherently a pita, so while I don't like it, it is necessary unfortunately, so I do advocate its use.

When you check that padlock, also check that the url is what you expect and not something subtly different. I don't think there's too much paranoia when it comes to online security.