2FA Options - Which is best? POLL

[coinking]

I couldn't vote because you don't have an option for LastPass with RSA SecurID.

Done, vote away!

[Amph]

Google Authenticator, but only because it's the only I have used.
Are there any other ones that are actually better?

there is(not talking about security, but about usability), authy is pretty good, if you are poor and can't get even a economic smartphone and you are stuck with old standard phone, also i like the sms code, it's easy and fast

[Blazr]

Google Authenticator, but only because it's the only I have used.
Are there any other ones that are actually better?

there is, authy is pretty good, if you are poor and can't get even a economic smartphone and you are stuck with old standard phone, also i like the sms code, it's easy and fast

Authy is much less secure than most of the others and you are dependant on the Authy service. If anything happens to the Authy service you are SOL.

Google authenticator (and every other app that implements TOTP) isn't dependant on anything, it's stand-alone so even if Google were to disappear your app will continue working fine, with Authy you'd be fucked.

Also Authy has the ability to bypass 2FA on any of your accounts, so if there is a rogue employee or they are hacked then it could lead to many people being hacked.

And there are privacy issues as Authy knows when you are logging in, what websites you are logging into, what other Authy-enabled websites you use and your phone number and your IP. You also must disclose your phone number to them to use the service.

Not only that large website owners have to pay Authy a fee to use the service, which is ridiculous when there are so many free and open source solutions that are far superior to Authy.

There are TOTP clients available for older phones, I know symbian phones have one and I'm sure any of the old feature phones that run Java could run a client, though I don't know if anyone has taken the time to code one up.

[Amph]

Google Authenticator, but only because it's the only I have used.
Are there any other ones that are actually better?

there is, authy is pretty good, if you are poor and can't get even a economic smartphone and you are stuck with old standard phone, also i like the sms code, it's easy and fast

Authy is much less secure than most of the others and you are dependant on the Authy service. If anything happens to the Authy service you are SOL.

Google authenticator (and every other app that implements TOTP) isn't dependant on anything, it's stand-alone so even if Google were to disappear your app will continue working fine, with Authy you'd be fucked.

Also Authy has the ability to bypass 2FA on any of your accounts, so if there is a rogue employee or they are hacked then it could lead to many people being hacked.

And there are privacy issues as Authy knows when you are logging in, what websites you are logging into, what other Authy-enabled websites you use and your phone number and your IP. You also must disclose your phone number to them to use the service.

well i didn't know that authy come with all those problems, good to know i guess, the problem with GA is that it can't be used without a proper device, the pc version also is less secure than the standard one with a smartphone

[leen93]

Google 2FA works fine and is the most popular. DOn't see a need for another one

[Jybrael]

I have only heard of Google Authenticator....don't really know much about the others...so a little bit more information on the other would be great.

[kolloh]

Really only used Google Authenticator and it has worked well for me. Duo does look interesting though and the click to approve feature of it seems like it might give an edge to convenience. Though I think it requires you to register or something.

[WhatTheGox]

Having used google authenticator the last 2 years now i can say ive never had a single problem with it and never been hacked since using it.  Didnt the Litecoin creator create it also? if so awesome!

[laris2]

Google auth :<

[lite]

I hate Authy very much
I lost my account because it

I still choose Google Authenticator since most services use it as 2FA
And it stand independently, you just have to sync the correct time
I also never got any problem with it

I've been using for a long a time never had any problems. i like authy coz all my 2fa accounts can be restore to another device with just phone verification.

[ObscureBean]

I, personally am a little wary about using those apps, I just use regular text messages as 2fa on all sites that allow it. I've heard of so many stories where things go wrong with apps like Authy and people find themselves locked out of their own accounts. I think you should definitely add the text message option to your list.

[boopy265420]

Voted for Google Authenticate as this is most popular and working quite perfectly for me and many others. I am using GA successfully without any problem and this made me satisfied about my assets and persona data .

[mitus-2]

i've tried only Google 2fa and it worked flawlessy until today.  considering that google now possess definetely too many informations about myself, i should give a try to one of the other 2fa methods posted here

[7queue]

What about this?

https://www.grc.com/sqrl/sqrl.htm


When lastpass first came out I tried it and was pwned instantly. I don't care if it's fixed, not touching it ever!



I've used google auth in the past. These seem to lend a sense of security to anyone using them as they are only one extra hurdle to jump over.


What is the best? Wouldn't that bee you?

8 )

[bitllionaire]

I use Google authenticator and authy(this one is forced by some websites) and I like both, I like the fact that you can do a backup in the cloud with authy because I haven't got to do a backup of google auth keys

[ipbo]

I high recommend  Google authenticator and Authy. I already used this 2 that's why.

[coinking]

I, personally am a little wary about using those apps, I just use regular text messages as 2fa on all sites that allow it. I've heard of so many stories where things go wrong with apps like Authy and people find themselves locked out of their own accounts. I think you should definitely add the text message option to your list.

SMS added

[ACCTseller]

In my honest opinion the best 2FA option is the google authenticator app. It is easiest and free option, maybe they can allow to buckup our codes and send them to a personal email address.

This. In the past Google released an update for Google Authenticator that had a bug that accidentally deleted some users codes.

Google intentionally didn't put in a way to back up codes as their plan is that if you lose a code you need to verify yourself with the service and they give you a new code. The problem is some websites, such as BTC-e, don't have the proper procedures in place to reset 2FA, so if you lose your code you may not be able to regain access to your account. This is particularly bad for Bitcoin websites due to the fact the bitcoin community loves anonymity, as it is difficult to verify yourself when you are anonymous.

I personally think that the security that 2FA provides is significantly over-hyped. If the device you are logging in with is infected with viruses they can hijack your session when you login and have full access to the account. The only scenario 2FA protects against is if an attacker has obtained your password without compromising your PC, this usually means you've fallen victim to a phishing scam or you reuse passwords or have significantly weak passwords, a password manager such as LastPass or KeePass does a better job at protecting you from those threats than 2FA.

The most common way that people import the 2FA private key into google authenticator is to scan a QR code displayed on a website with your phone's camera. In order to back up the key, you would need to either save a picture of this key on your computer, or take a picture of it with your phone prior to scanning it with your authenticator app. From there you would need to back up the keys in a way that is secure and separate from your phone. However both taking a picture and saving a picture will expose you to a number of vulnerabilities, mainly related to the fact that your picture will most likely be stored in at least one place that is not secure and can be accessed via social engineering.

Any 2FA method must be able to give you your code independently of any additional connection or service. For example you must not have to login to any third party website to get your code, and you must not need to have any internet/wireless connection on your 2FA device. If either of these are true then you would need to trust the third party with your 2FA codes which somewhat defeats the purpose.

[Fernandez]

Considering I have no idea what most of the others are, and that I am reluctant to give out my number for SMS, Google authenticator is my choice. Almost everyone has an Android mobile, so it is easily available. Only thing to keep in mind is to backup the original key.

[burjo]

Google Authenticator. Already use it for 2 weeks and there is no problems.