[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3bbfa603-bbf3-0f9e-f13b-a712a8140479@bestmx.net>
Date: Sat, 2 Jul 2016 17:10:33 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: 2-Factor vs Authentication
On 07/02/2016 04:47 PM, Yoha wrote:
> Definitely agree with the most common form of 2FA.
the emphasis is:
the most common variant of any "new technology"
advocated for by the major market players
with a choir of "experts" and "gurus"
is always a very harmful piece crap,
guaranteed to compromise users security;
and the populus plays along happy and trustful.
> This is why actual
> [OTP](https://en.wikipedia.org/wiki/One-time_password#How_OTPs_are_generated_and_distributed)
> are much better than confirmation codes sent to phone numbers/mail
> addresses. In particular,
> [TOPT](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
> are very easy to use, more secure than confirmation codes, *and* much
> faster (there are sometimes delays of a few minutes before the
> confirmation codes is received). Additionally, they allow better
> flexibility (e.g. when using multiple phones).
in other words, the second factor is defined here as:
preshared piece of software.
seems ok, but i am devoid of any deep insight on that.
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
