Question About 2FA and Privacy

[SlidingHorn]

It's "always" a good idea to use two-factor-authentication, however, most methods I've heard of are essentially covered under SMS or a mobile app.  This inherently (and, I suppose, this is the purpose) ties an account to a phone number or a device.  Here's where my confusion begins:  I've read about markets on deep web, etc that offer 2FA, and that immediately brings a question to my mind:

Isn't the whole purpose of TOR browsing and the deep web staying anonymous?  How does one use 2FA and not tie to a phone number or a specific device?  Am I missing something basic here?

[hilariousandco]

Because 2-factor methods are not limited to phones or apps. You can use your pgp key which is likely what most of the darknet markets use.

[SlidingHorn]

Because 2-factor methods are not limited to phones or apps. You can use your pgp key which is likely what most of the darknet markets use.

Gotcha...thanks for the clarification.  I'm just kind of getting started in terms of browsing deep web sites, etc. and TOR, so I'm coming across a few things I don't quite understand.  Another thing I'd seen was people who had their personal pages on .onion domains....but were still using their full names, etc.  I just don't understand why one would want a .onion site and *not* be anonymous. 

[Foxpup]

This inherently (and, I suppose, this is the purpose) ties an account to a phone number or a device.

It doesn't. In the case of Google Authenticator and similar apps, it ties it to a key (used to generate one-time codes) stored on the device. You can transfer it to other devices, or even run the app on your PC, though that kinda defeats the purpose (which is that a keylogger doesn't have access to everything needed to access your account, the key being on another device).

I just don't understand why one would want a .onion site and *not* be anonymous. 

Sometimes the operator of the website has no need to be anonymous, but wishes the users to be. For this reason, there is currently some development on "direct onion services" which are faster but not anonymous for the operator.

[nickenburg]

Because 2-factor methods are not limited to phones or apps. You can use your pgp key which is likely what most of the darknet markets use.

Gotcha...thanks for the clarification.  I'm just kind of getting started in terms of browsing deep web sites, etc. and TOR, so I'm coming across a few things I don't quite understand.  Another thing I'd seen was people who had their personal pages on .onion domains....but were still using their full names, etc.  I just don't understand why one would want a .onion site and *not* be anonymous. 

Yes, I am using the 2 factor Authentication now, and it is really just the Google authenticator app which you download from the store.
And there you can have multiple websites or bitcoin wallets in there, So you will stay anonymous if you want.

I personally really like the 2 factor authentication, because I feel safer putting my Bitcoins in A wallet with 2 factor Authentication.

[Dabs]

For android, there are several third party open source apps you can download for 2FA. You could then compile them yourself from source and side load it into an always-airplane mode mobile phone.

Or just grab a trusted APK, like from the Play Store.

[aardvark15]

If you want to be completely protected and not have to do 2FA, you could just use paper wallets mostly rather than third party wallets.

[Dabs]

I think he wasn't talking about bitcoin or paper wallets, just 2FA in general, and deep web / dark web particularly that offer 2FA for logins.