Il mio telefono Google Fi è appena morto e quindi sto procedendo a disabilitare il 2FA sui vari servizi, in attesa di ricevere il rimpiazzo, per poi riabilitarlo. - Google ha gestito il passaggio in modo indolore, permettendomi di abilitare al volo l'iPad come secondo fattore - N26 oltre l'email e un numero segreto, vuole l'invio di un SMS persino per la disabilitazione del 2FA, ma l'SMS non arriva e i loro centri di supporto sono chiusi il fine settimana - Con la mia banca italiana non provo nemmeno, passo direttamente in agenzia domattina... - ce ne saranno molti altri da verificare. Una bella rogna. :) David Orban "What is the question that I should be asking?" twitter, linkedin, etc: davidorban On Sun, May 7, 2017 at 11:12 AM, J.C. DE MARTIN <demartin@polito.it> wrote:
*So Hey You Should Stop Using Texts for Two-Factor Authentication*
Andy Greenberg
Date of Publication: 06.26.16.
Since two-factor authentication became the norm for web services that care about securing your accounts, it’s started to feel like a security blanket, an extra layer keeping your data safe no matter whether your password is as strong as 8$&]$@I)9[P&4^s or as dumb as dadada. But a two-factor setup—which for most users requires a temporary code generated on, or sent to, your phone in addition to a password—isn’t an invincibility spell. Especially if that second factor is delivered via text message.
The last few months have demonstrated that SMS text messages are often the weakest link in two-step logins: Attacks on political activists in Iran, Russia, and even here in the US have shown that determined hackers can sometimes hijack the SMS messages meant to keep you safe. Whenever possible, it’s worth taking a minute to switch to a better system, like an authentication smartphone app or a physical token that generates one-time codes. And for services like Twitter that only offer second factor protections that depend on SMS, it’s time to wake up, smell the targeted attacks, and give users better options.
[…]
Continua qui: https://www.wired.com/2016/06/hey-stop-using-texts-two- factor-authentication/
_______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa
ᐧ