|
Title: Question About 2FA and Privacy Post by: SlidingHorn on March 07, 2016, 10:51:25 AM It's "always" a good idea to use two-factor-authentication, however, most methods I've heard of are essentially covered under SMS or a mobile app. This inherently (and, I suppose, this is the purpose) ties an account to a phone number or a device. Here's where my confusion begins: I've read about markets on deep web, etc that offer 2FA, and that immediately brings a question to my mind:
Isn't the whole purpose of TOR browsing and the deep web staying anonymous? How does one use 2FA and not tie to a phone number or a specific device? Am I missing something basic here? Title: Re: Question About 2FA and Privacy Post by: hilariousandco on March 07, 2016, 03:45:39 PM Because 2-factor methods are not limited to phones or apps. You can use your pgp key which is likely what most of the darknet markets use.
Title: Re: Question About 2FA and Privacy Post by: SlidingHorn on March 07, 2016, 05:30:24 PM Because 2-factor methods are not limited to phones or apps. You can use your pgp key which is likely what most of the darknet markets use. Gotcha...thanks for the clarification. I'm just kind of getting started in terms of browsing deep web sites, etc. and TOR, so I'm coming across a few things I don't quite understand. Another thing I'd seen was people who had their personal pages on .onion domains....but were still using their full names, etc. I just don't understand why one would want a .onion site and *not* be anonymous. Title: Re: Question About 2FA and Privacy Post by: Foxpup on March 08, 2016, 03:26:02 AM This inherently (and, I suppose, this is the purpose) ties an account to a phone number or a device. It doesn't. In the case of Google Authenticator and similar apps, it ties it to a key (used to generate one-time codes) stored on the device. You can transfer it to other devices, or even run the app on your PC, though that kinda defeats the purpose (which is that a keylogger doesn't have access to everything needed to access your account, the key being on another device).I just don't understand why one would want a .onion site and *not* be anonymous. Sometimes the operator of the website has no need to be anonymous, but wishes the users to be. For this reason, there is currently some development on "direct onion services" which are faster but not anonymous for the operator.Title: Re: Question About 2FA and Privacy Post by: nickenburg on March 08, 2016, 04:29:29 PM Because 2-factor methods are not limited to phones or apps. You can use your pgp key which is likely what most of the darknet markets use. Gotcha...thanks for the clarification. I'm just kind of getting started in terms of browsing deep web sites, etc. and TOR, so I'm coming across a few things I don't quite understand. Another thing I'd seen was people who had their personal pages on .onion domains....but were still using their full names, etc. I just don't understand why one would want a .onion site and *not* be anonymous. Yes, I am using the 2 factor Authentication now, and it is really just the Google authenticator app which you download from the store. And there you can have multiple websites or bitcoin wallets in there, So you will stay anonymous if you want. I personally really like the 2 factor authentication, because I feel safer putting my Bitcoins in A wallet with 2 factor Authentication. Title: Re: Question About 2FA and Privacy Post by: Dabs on March 08, 2016, 10:53:56 PM For android, there are several third party open source apps you can download for 2FA. You could then compile them yourself from source and side load it into an always-airplane mode mobile phone.
Or just grab a trusted APK, like from the Play Store. Title: Re: Question About 2FA and Privacy Post by: aardvark15 on March 08, 2016, 11:47:37 PM If you want to be completely protected and not have to do 2FA, you could just use paper wallets mostly rather than third party wallets.
Title: Re: Question About 2FA and Privacy Post by: Dabs on March 09, 2016, 02:08:01 AM I think he wasn't talking about bitcoin or paper wallets, just 2FA in general, and deep web / dark web particularly that offer 2FA for logins.
|