I'd sorta assume that most people on FP already know this kind of stuff
I use Dashlane, it's pretty nice and also safe, as the data stored on the server is always encrypted.
Some contradictions:
Don't use two factor authentication, many websites end up trusting that second factor as much as your password even if it's a phone, and phone number is not, has never been, or should ever be used as a security device. If you're being targetted someone can just call and annoy your phone provider into switching your number to a different sim card and your "2fa" now bypasses your more secure password (assuming you properly set a password).
Don't put critical data on an often faulty flash drive for god's sake. Put it in an encrypted container on your computer, this works well for stuff you only need to access rarely like taxes, sure you might get malware but if you never accessed it during that period and always run a full scan before you do then that's better, and you're way less likely to lose it. Can also back said container and shit up freely without worrying about further encryption on third party services or peripheral devices.
using something like google auth means your 2fa codes are tied to your device, even if they have your phone number those codes are tied to the device they are stored on
yeah it does definetly depend on which system but so many implementations are just completely self defeating that i would reccomend anyone who isnt individually researching website's and services 2fa system just avoid it. Is always better if you do individual research on these things.
Glory to arstotzka!
Kinda generic sponsored video all in all, felt like it was just sponsoring the app at the end
If a website offers physical or virtual 2FA device support it's usually assumable to be totally safe as those systems are pretty hard to break. 2FA SMS and email is just outright garbage, but 2FA devices are safe as long as you keep hold of the device. If they've got your 2FA device you're fucked no matter what, but that also means they were or are physically close to you.
Suggesting to people to be wary of 2FA in general and to research it on a per website basis isn't in the best interests of security. 2FA of any sort is still a massive roadblock for most babyshit information thieves. Warn people to be wary of easily broken 2FA systems like phone calls, SMS and email. And of course check out account recovery offerings, good places that do 2FA devices correctly tend to have disclaimers about 2FA enabled account recovery being fucking hard for good reason.
it looks like its trying to emulate kurzgesagts animation but it looks insanely shitty
Sorry, you need to Log In to post a reply to this thread.
