Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 01 Aug 2014, 12:14
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How about 2-step verification for important accounts?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [5 Posts]  
Author Message
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sat 11 May 2013, 05:15    Post subject:  How about 2-step verification for important accounts?  

Seems like a great idea for protecting google accounts, requiring codes sent to your phone when trying to gain access from a new computer/device. This should be the standard for credit cards as well....different password for every transaction. It's available for DropBox also.
Back to top
View user's profile Send private message 
Q5sys


Joined: 11 Dec 2008
Posts: 1047

PostPosted: Sat 11 May 2013, 06:17    Post subject: Re: 2-step verification  

jpeps wrote:
Seems like a great idea for protecting google accounts, requiring codes sent to your phone when trying to gain access from a new computer/device. This should be the standard for credit cards as well....different password for every transaction. It's available for DropBox also.



Two Factor Auth is great, but only if done properly. Done wrong its no better than single factor.
Example, online credit card transactions usually now require your 3 digit ccv number (the one on the back). that # is used for verifying the information you've given. (name, card #, epr date). The idea was to make sure you had the card in hand and not just written down or stole the card info
That number is NOT supposed to be stored anywhere, I think its actually in the CC POS Payment Service agreement... But leaked credit card dbases that have been stolen from online retails has shown alot of them storing that number in their database. So they've basically made that a pointless

Another Problem with 2 factor is that people dont want any hassle. This of course is a delicate balance. Easy enough not to be a hassle on the proper user, but too much trouble for a non user.

I think we'll slowly move into the right direction.

_________________



My PC is for sale
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Sat 11 May 2013, 06:28    Post subject:  

And in the fine print maybe one promise that their partners
have the right to use that phone number to alert you when
you walk past the stores that pay for the ads?

Or you can be phoned in the middle of the night
as often as their partners love to do. Sure one can afford
to have an old cell phone that one only use for banking
or google verification. I most likely have ten such old phones.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sat 11 May 2013, 11:50    Post subject: Re: 2-step verification  

Q5sys wrote:



Two Factor Auth is great, but only if done properly. Done wrong its no better than single factor.
Example, online credit card transactions usually now require your 3 digit ccv number (the one on the back). that # is used for verifying the information you've given. (name, card #, epr date). The idea was to make sure you had the card in hand and not just written down or stole the card info


The difference is that the number isn't stored by the user..it just registers a particular device. It won't work on another device. That's the beauty of it. Similarly with transactions, the code would become instantly useless for another transaction.

nooby wrote:

And in the fine print maybe one promise that their partners
have the right to use that phone number to alert you when
you walk past the stores that pay for the ads?


2 step verification is most likely provided by a third party security service...nobody else gets your phone number, and in itself has zero marketing value in that there isn't any personal info connected with it other than that you exist. Spamming occurs when you give out your personal info on sites that can exploit it for marketing...such as buying a particular product. My phone spams are almost always connected with my business listings...trying to sell me ads, websites, etc.
Back to top
View user's profile Send private message 
Q5sys


Joined: 11 Dec 2008
Posts: 1047

PostPosted: Sat 11 May 2013, 19:07    Post subject: Re: 2-step verification  

jpeps wrote:
Q5sys wrote:



Two Factor Auth is great, but only if done properly. Done wrong its no better than single factor.
Example, online credit card transactions usually now require your 3 digit ccv number (the one on the back). that # is used for verifying the information you've given. (name, card #, epr date). The idea was to make sure you had the card in hand and not just written down or stole the card info


The difference is that the number isn't stored by the user..it just registers a particular device. It won't work on another device. That's the beauty of it. Similarly with transactions, the code would become instantly useless for another transaction.




Well the devil is in the details. Trust me I'm sure some place will come up with a way that it'll be insecure. lol

Side note: I know of one site that if you try to log into the site with a different browser, or even a different configuration, it will prompt you for confirmation of one of your billing address details. It does this after you present the correct password.
It basically does a similar check as this: https://panopticlick.eff.org/
If it doesnt match up to what they have saved in their dbase... they ask you to confirm who you are.

_________________



My PC is for sale
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [5 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0587s ][ Queries: 12 (0.0060s) ][ GZIP on ]