TexasCHLforum.com

Maybe I am just in a whiny mood.

Any one else have issues with two factor authentication?

Example:
You sign on to a web site with your home desktop computer. You know, the one you keep LOCKED up inside your house and no one else uses it. The web site wants to confirm "IT'S REALLY YOU" so it sends you an email. The email is slow to arrive. You move on to something else. The 6 digit code is EXPIRED when you finally get back to it. OR you try again. and ALL of the codes you finally get are 'bad'.

I buy too much stuff on Amazon. I order something. Switch to my email tab and hit refresh. The confirmation email is there. Seconds after you clicked BUY.

My Current Theory:
I set up my web page 15 or so years ago. I suspect that it is hosted Off Shore. The NSA is monitoring my emails and a human must look at the two factor confirmation emails.

Another Theory:
The "Pointy Haired Boss" (from Dilbert) wants to do use this new security measure. The company does not have enough horse power to send the emails immediately.

Another Theory:
Two Factor Authentication is done for the same reason they do road construction. It irritates Tom Neal.

Oh Well!
I guess I'll have to suffer through both.

I get no cell phone reception in my most areas of my office building at work. I log into my account using my username and password and they send me a passcode via text messaging, then I go to the break room and stand by a window waiting for the code.

no doubt that it is more secure than a good old-fashioned password, but if I'm going to be using two-factor then why do I still need a high security password with an uppercase letter, lower case letter, number, and a special character? It would be nice if I could go back to a password that I will actually remember.

What are you using as MFA right now? I’m running MS Azure with SAML integrated MFA (through Authenticator), and it is almost instant.

PICNIC (Problem in the chair not in computer) issue?

allisji wrote: ↑Mon Aug 08, 2022 5:24 pm I get no cell phone reception in my most areas of my office building at work. I log into my account using my username and password and they send me a passcode via text messaging, then I go to the break room and stand by a window waiting for the code.

no doubt that it is more secure than a good old-fashioned password, but if I'm going to be using two-factor then why do I still need a high security password with an uppercase letter, lower case letter, number, and a special character? It would be nice if I could go back to a password that I will actually remember.

Because it increases the work factor for the attacker and makes you less susceptible to rainbow and dictionary attacks, along with social engineering probes….

You either have security or convenience, but not both. It’s a trade off.

After someone hacked my computer and got my login credentials to my bank and took nearly $40,000, I use MFA for everything. The bank returned my funds, but their fraud people talked me into MFA.

For most items, I use google authenticator. My employer uses DUO. My bank uses its app on my phone. I've not experienced any problems since the switch to MFA. Because of poor cell reception, I switched to T-Mobile because of its WIFI calling function. If I have WIFI, I can make/receive calls.

parabelum wrote: ↑Mon Aug 08, 2022 5:27 pm

allisji wrote: ↑Mon Aug 08, 2022 5:24 pm I get no cell phone reception in my most areas of my office building at work. I log into my account using my username and password and they send me a passcode via text messaging, then I go to the break room and stand by a window waiting for the code.

no doubt that it is more secure than a good old-fashioned password, but if I'm going to be using two-factor then why do I still need a high security password with an uppercase letter, lower case letter, number, and a special character? It would be nice if I could go back to a password that I will actually remember.

Because it increases the work factor for the attacker and makes you less susceptible to rainbow and dictionary attacks, along with social engineering probes….

You either have security or convenience, but not both. It’s a trade off.

what is a dictionary or rainbow attack? thank you

edit
wholly sacred cow burgers...i just googled the attacks
now my head hurts.

parabelum wrote: ↑Mon Aug 08, 2022 5:27 pm

allisji wrote: ↑Mon Aug 08, 2022 5:24 pm I get no cell phone reception in my most areas of my office building at work. I log into my account using my username and password and they send me a passcode via text messaging, then I go to the break room and stand by a window waiting for the code.

no doubt that it is more secure than a good old-fashioned password, but if I'm going to be using two-factor then why do I still need a high security password with an uppercase letter, lower case letter, number, and a special character? It would be nice if I could go back to a password that I will actually remember.

Because it increases the work factor for the attacker and makes you less susceptible to rainbow and dictionary attacks, along with social engineering probes….

You either have security or convenience, but not both. It’s a trade off.

You can use a password manager to create, store and use very strong passwords. It also uses MFA to login, but let's you keep very strong passwords with less effort.

powerboatr wrote: ↑Mon Aug 08, 2022 6:00 pm

parabelum wrote: ↑Mon Aug 08, 2022 5:27 pm

allisji wrote: ↑Mon Aug 08, 2022 5:24 pm I get no cell phone reception in my most areas of my office building at work. I log into my account using my username and password and they send me a passcode via text messaging, then I go to the break room and stand by a window waiting for the code.

no doubt that it is more secure than a good old-fashioned password, but if I'm going to be using two-factor then why do I still need a high security password with an uppercase letter, lower case letter, number, and a special character? It would be nice if I could go back to a password that I will actually remember.

Because it increases the work factor for the attacker and makes you less susceptible to rainbow and dictionary attacks, along with social engineering probes….

You either have security or convenience, but not both. It’s a trade off.

what is a dictionary or rainbow attack? thank you

edit
wholly sacred cow burgers...i just googled the attacks
now my head hurts.

I do use a password manager and most of my passwords are un-type-able

The two factor authentication delays just make them difficult for me to use.

I am a IPSC/USPSA Shooter. Not a Bullseye Shooter.
To Me Life is Comstock.

I am not a fan of two factor ID. I too have problems remembering a bunch of questions, passwords, and etc. What is worse, is my wife pays all of the bills, both personal and business. She has to go through this process several times a day just to pay a bill. I keep telling the vendors that if someone wants to pay on my bills LET THEM, PLEASE

RPBrown wrote: ↑Tue Aug 09, 2022 6:39 am I am not a fan of two factor ID. I too have problems remembering a bunch of questions, passwords, and etc. What is worse, is my wife pays all of the bills, both personal and business. She has to go through this process several times a day just to pay a bill. I keep telling the vendors that if someone wants to pay on my bills LET THEM, PLEASE

we use bill pay through our credit union so i only have to log in to one place to pay bills
they do electronic ach or send a paper check depending on web presence.
so far its working great