Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 2 Jul 2016 17:20:11 +0200
From: Yoha <>
Subject: Re: 2-Factor vs Authentication

Le 02/07/2016 à 17:10, a écrit :
> On 07/02/2016 04:47 PM, Yoha wrote:
>> Definitely agree with the most common form of 2FA.
> the emphasis is:
> the most common variant of any "new technology"
> advocated for by the major market players
> with a choir of "experts" and "gurus"
> is always a very harmful piece crap,
> guaranteed to compromise users security;
> and the populus plays along happy and trustful.

Sorry, I was not clear. I meant: I agree with your point of view,
regarding this approach (sending a confirmation code), which seems to be
the most common one from my personal experience.

>> This is why actual
>> [OTP](
>> are much better than confirmation codes sent to phone numbers/mail
>> addresses. In particular,
>> [TOPT](
>> are very easy to use, more secure than confirmation codes, *and* much
>> faster (there are sometimes delays of a few minutes before the
>> confirmation codes is received). Additionally, they allow better
>> flexibility (e.g. when using multiple phones).
> in other words, the second factor is defined here as:
> preshared piece of software.
> seems ok, but i am devoid of any deep insight on that.

Well, there is not deep insight, it just look like the correct way to do
any 2FA since, as you described previously, sending a confirmation code
may not add that much security.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.