{"id":1379,"date":"2014-10-27T09:53:54","date_gmt":"2014-10-27T16:53:54","guid":{"rendered":"http:\/\/www.laurenwood.org\/anyway\/?p=1379"},"modified":"2019-09-01T11:03:13","modified_gmt":"2019-09-01T18:03:13","slug":"2fa-the-aftermath","status":"publish","type":"post","link":"https:\/\/www.laurenwood.org\/anyway\/2014\/10\/2fa-the-aftermath\/","title":{"rendered":"2FA<\/span>, the aftermath"},"content":{"rendered":"

Two-factor authen\u00adtic\u00ada\u00adtion is gen\u00ader\u00adally seen as a good idea; there\u2019s a cer\u00adtain amount of hand-wringing over the fact that more people don\u2019t turn it on. The prob\u00adlem is, it\u2019s one of those things where you sign up for dis\u00adrup\u00adtion over the next few days, for uncer\u00adtain reward. The reward is uncer\u00adtain because you can nev\u00ader tell wheth\u00ader turn\u00ading on two-factor authen\u00adtic\u00ada\u00adtion stopped someone hack\u00ading your account or not, just like you can\u00ad\u2019t tell wheth\u00ader hav\u00ading an alarm com\u00adpany sign out\u00adside your house dis\u00adsuades someone from break\u00ading into it. My main email account has been on 2FA<\/span> for ages, but I decided to add it to one of my sec\u00adond\u00adary accounts as well, giv\u00aden that lots of people seem to mis\u00adtakenly use that email instead of their own.<\/p>\n

Tim<\/a> sug\u00adges\u00adted I used the authen\u00adtic\u00adat\u00ador<\/a> app for my Google account 2FA<\/span>, instead of using the SMS<\/span> sys\u00adtem. Just a hint: set it up while you still have access to your text mes\u00adsages since SMS<\/span> is used for the boot\u00adstrap\u00adping authen\u00adtic\u00ada\u00adtion. You need to sign up for Google 2FA<\/span> in the first place \u2018on a com\u00adputer\u2019 (not spe\u00adcified wheth\u00ader a tab\u00adlet is suf\u00adfi\u00adcient? I used the desktop). You are sent an SMS<\/span> to authen\u00adtic\u00adate your\u00adself, and then you get anoth\u00ader one when you want to authen\u00adtic\u00adate the Authen\u00adtic\u00adat\u00ador app. After that, you don\u2019t need your SMS<\/span> sys\u00adtem, as long as you have the device with the Authen\u00adtic\u00adat\u00ador app on it.<\/p>\n

But then there are the oth\u00ader apps, which now need applic\u00ada\u00adtion-spe\u00adcif\u00adic gen\u00ader\u00adated pass\u00adwords. Adi\u00adum for Google Talk, for example, or email with Thun\u00adder\u00adbird. Set\u00adting each one up does\u00adn\u2019t take long, but I\u2019m sure some time in the future I will have for\u00adgot\u00adten and be won\u00adder\u00ading why I can\u00ad\u2019t log in with a val\u00adid password.<\/p>\n

And I under\u00adstand what\u2019s going on, more or less, and think the short-term hassles are worth it. There are lots of people who don\u2019t have a men\u00adtal mod\u00adel of pass\u00adwords or authen\u00adtic\u00ada\u00adtion, who see only the pain and not the gain (since the gain is only in the absence of a poten\u00adtial future pain). Busi\u00adnesses are sup\u00adposedly imple\u00adment\u00ading 2FA<\/span> fairly rap\u00adidly<\/a>, but I\u2019d be sur\u00adprised if people in gen\u00ader\u00adal were out\u00adfit\u00adting their per\u00adson\u00adal accounts with 2FA<\/span> at any\u00adthing like the same rate. Mind you, I also sus\u00adpect those sur\u00adveys apply mostly to big\u00adger com\u00adpan\u00adies in par\u00adtic\u00adu\u00adlar indus\u00adtries; anec\u00addot\u00adal evid\u00adence I\u2019ve heard points to a lower real adop\u00adtion rate.<\/p>\n","protected":false},"excerpt":{"rendered":"

Two-factor authen\u00adtic\u00ada\u00adtion is gen\u00ader\u00adally seen as a good idea; there\u2019s a cer\u00adtain amount of hand-wringing over the fact that more people don\u2019t turn it on. The prob\u00adlem is, it\u2019s one of those things where you sign up for dis\u00adrup\u00adtion over the next few days, for uncer\u00adtain reward. The reward is uncer\u00adtain because you can nev\u00ader \u2026 Con\u00adtin\u00adue read\u00ading \u201c2FA<\/span>, the aftermath\u201d<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"","activitypub_status":"","footnotes":""},"categories":[13,6],"tags":[],"class_list":["post-1379","post","type-post","status-publish","format-standard","hentry","category-identity","category-technology"],"_links":{"self":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/1379","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/comments?post=1379"}],"version-history":[{"count":4,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/1379\/revisions"}],"predecessor-version":[{"id":1384,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/1379\/revisions\/1384"}],"wp:attachment":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/media?parent=1379"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/categories?post=1379"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/tags?post=1379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}