Message-ID: <ce8c882b-0905-6f94-e55c-1083ba1f68a2@sinon.org>
Date: Sat, 2 Jul 2016 16:47:28 +0200
From: Yoha <yoha@...on.org>
To: passwords@...ts.openwall.com
Subject: Re: 2-Factor vs Authentication

Definitely agree with the most common form of 2FA.

On 02/07/2016 at 12:41, e@...tmx.net wrote:
> can you guarantee the most important property of it (required by the
> 2-Factor) that the number will remain assigned to you next minute? NO
> YOU CAN NOT! The number belongs to your service provider and they have
> complete and exclusive control over it (and even that is
> questionable). Similarly you do not own «your» e-mail, «your» domain
> name, «your» passport number — all those things belong to other people
> whom you do not know even by names!

This is why actual
[OTPs](https://en.wikipedia.org/wiki/One-time_password#How_OTPs_are_generated_and_distributed)
are much better than confirmation codes sent to phone numbers/mail
addresses. In particular,
[TOTPs](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
are very easy to use, more secure than confirmation codes, *and* much
faster (there are sometimes delays of a few minutes before the
confirmation code is received). Additionally, they allow better
flexibility (e.g. when using multiple phones).
