Bitcoin Forum
October 30, 2020, 01:58:47 AM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 »  All
  Print  
Author Topic: 2-Factor Authentication  (Read 1493 times)
botany
Legendary
*
Offline Offline

Activity: 1568
Merit: 1064


View Profile
January 13, 2018, 11:28:34 AM
 #1

Is there any loss of privacy while using 2 Factor authentication?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?
1604023127
Hero Member
*
Offline Offline

Posts: 1604023127

View Profile Personal Message (Offline)

Ignore
1604023127
Reply with quote  #2

1604023127
Report to moderator
1604023127
Hero Member
*
Offline Offline

Posts: 1604023127

View Profile Personal Message (Offline)

Ignore
1604023127
Reply with quote  #2

1604023127
Report to moderator
1604023127
Hero Member
*
Offline Offline

Posts: 1604023127

View Profile Personal Message (Offline)

Ignore
1604023127
Reply with quote  #2

1604023127
Report to moderator
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1604023127
Hero Member
*
Offline Offline

Posts: 1604023127

View Profile Personal Message (Offline)

Ignore
1604023127
Reply with quote  #2

1604023127
Report to moderator
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1666
Merit: 2554

Use SegWit and enjoy lower fees.


View Profile WWW
January 13, 2018, 06:10:40 PM
Merited by RomanPetrush (1), hilda483 (1)
 #2

I think no since Google Authenticator works offline and even if you only add the authentication key only with vague description/name. Unless they upload your keys and description along with google account you use on your smartphone.
Welsh
Staff
Legendary
*
Offline Offline

Activity: 2114
Merit: 2095



View Profile
January 13, 2018, 09:07:40 PM
Last edit: January 13, 2018, 11:17:08 PM by Welsh
 #3

If you are that bothered about privacy issues then you can always use a separate mobile phone just for that purpose. I mean they are pretty cheap to pick up these days.

If you are using SMS verification then those messages could potentially be intercepted by someone malicious and Coinbase actually hit the news for this reason.  I don't believe that a third party website is required to send any of the credentials to Google though. So you are safe in that aspect.
theymos_away
Member
**
Offline Offline

Activity: 82
Merit: 26


View Profile
January 13, 2018, 10:39:55 PM
 #4

The protocol used by Google Authenticator is open and should be private (in that giving a code should link you only with your account on the site), but the Google Authenticator app is closed-source, so I wouldn't rely 100% on that app. There are open source alternatives. Authy works differently, and I do not recommend it. SMS is really bad. U2F is probably good, though I haven't actually looked into it closely yet.
LeGaulois
Copper Member
Legendary
*
Offline Offline

Activity: 1596
Merit: 1799

Bitcoin Ninja Unregulated Banker Unbanking Folks


View Profile
January 13, 2018, 11:19:44 PM
Merited by paxmao (1)
 #5

If you care about your privacy you shouldn't use any Google's product, no matter how good they are. It's how the company make its income, using your privacy.... Who knows if in 10 years we learn that in fact, it was another shady product
I have read Authy is far better than Google Authenticator.


You can use a USB like U2F Zero as long you don't lose it you're good to go https://www.u2fzero.com/
... and it's open source https://github.com/conorpp/u2f-zero
Welsh
Staff
Legendary
*
Offline Offline

Activity: 2114
Merit: 2095



View Profile
January 14, 2018, 01:17:12 AM
 #6

If you care about your privacy you shouldn't use any Google's product, no matter how good they are. It's how the company make its income, using your privacy.... Who knows if in 10 years we learn that in fact, it was another shady product
This is almost true for anything which isn't open source.

I have read Authy is far better than Google Authenticator.
I would recommend staying away from Authy, but if you are to use it then make sure to turn off multi device in the settings. This prevents recovery from other phones. If you ever want to transfer to another phone though this option will need to be enabled.

pugman
Legendary
*
Offline Offline

Activity: 1974
Merit: 1458


ok but do you poop? 💩


View Profile WWW
January 14, 2018, 11:19:29 AM
 #7

This is almost true for anything which isn't open source. .
For a lot of people if not everyone , their belief lies in reputed and "trusted" companies.
I would recommend staying away from Authy, but if you are to use it then make sure to turn off multi device in the settings. This prevents recovery from other phones. If you ever want to transfer to another phone though this option will need to be enabled.
Any particular reason why? I have been using authy and I say it is any day better than Google authenticator, for it doesn't BACK up your fucking data. Almost had a nightmare when I un-installed it by mistake, had to contact so many exchanges to remove the 2FA Undecided
I personally have never had any issues with authy.
You can use a USB like U2F Zero as long you don't lose it you're good to go https://www.u2fzero.com/
... and it's open source https://github.com/conorpp/u2f-zero
Is this any good? I'd love to buy one but the USB looks too old-fashioned and doesn't have a case supporting it, possibility of it to break easily is also a thing to be taken into consideration before buying it.
Welsh
Staff
Legendary
*
Offline Offline

Activity: 2114
Merit: 2095



View Profile
January 14, 2018, 12:23:27 PM
 #8

For a lot of people if not everyone , their belief lies in reputed and "trusted" companies.
This shouldn't be the case and especially so with an authenticator.


Any particular reason why? I have been using authy and I say it is any day better than Google authenticator, for it doesn't BACK up your fucking data. Almost had a nightmare when I un-installed it by mistake, had to contact so many exchanges to remove the 2FA Undecided
I personally have never had any issues with authy.

The main reason why I wouldn't use Google authenticator or Authy is because it's not open source. There's open source alternatives which have been mentioned above which are simply better. Before you say Google authenticator is open source, the app which you download on the store is not.

Also, for their multi device feature to work, then your keys need to be stored on a server for it to work. So they certainly keep records/data. These are encrypted by the backup password you set. This is encrypted using AES and a randomly generated salt using PBKDF2. So the data is stored otherwise, it wouldn't be possible to restore access using another device.
LeGaulois
Copper Member
Legendary
*
Offline Offline

Activity: 1596
Merit: 1799

Bitcoin Ninja Unregulated Banker Unbanking Folks


View Profile
January 14, 2018, 12:33:56 PM
 #9

Is this any good? I'd love to buy one but the USB looks too old-fashioned and doesn't have a case supporting it, possibility of it to break easily is also a thing to be taken into consideration before buying it.

I think it's the best alternative but yeah I admit it looks like a prototype from 2000. There is a tutorial if I remember so you can make your own from scratch.
There are other USBs more "swag" for example FIDO U2F Security Key from Yubico https://www.yubico.com/
pugman
Legendary
*
Offline Offline

Activity: 1974
Merit: 1458


ok but do you poop? 💩


View Profile WWW
January 15, 2018, 07:50:58 AM
 #10

This shouldn't be the case and especially so with an authenticator.
If an authenticator has a predecessor of the name Google, users would go for it. However they might not go for authy or something in the first place when they know something called "Google Authenticator", exists. Plus, most websites who have 2FA enabled recommended Google Authenticator.
The main reason why I wouldn't use Google authenticator or Authy is because it's not open source. There's open source alternatives which have been mentioned above which are simply better. Before you say Google authenticator is open source, the app which you download on the store is not.

Also, for their multi device feature to work, then your keys need to be stored on a server for it to work. So they certainly keep records/data. These are encrypted by the backup password you set. This is encrypted using AES and a randomly generated salt using PBKDF2. So the data is stored otherwise, it wouldn't be possible to restore access using another device.
True that. Google is highly overrated in some places and authy which I have been using does need a replacement.
I think it's the best alternative but yeah I admit it looks like a prototype from 2000. There is a tutorial if I remember so you can make your own from scratch.
There are other USBs more "swag" for example FIDO U2F Security Key from Yubico https://www.yubico.com/
Yubiko is nice because it has a USB type C, so I did like that. But 50-60$ for an authenticator, I'm not sure yet but I do want to buy one.
Anyhow, thank you for sharing that information, was really helpful.  Cheesy
fabioganga
Full Member
***
Offline Offline

Activity: 478
Merit: 113



View Profile WWW
January 15, 2018, 08:48:21 PM
 #11

Is there any loss of privacy while using 2 Factor authentication?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?

I don't think Google would ever risk their reputation to be destroyed in an instant by breaching your privacy that way... I have used Google Authenticator extensively for a good couple of years now, never had a problem at all.

When you activate 2FA on websites you are given a UNIQUE key together with a QR code to scan. The key works on ANY phone, so it is definitely NOT linked to your Google ID and you should therefore keep that key well hidden.

Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 621
Merit: 513



View Profile
January 16, 2018, 08:23:00 PM
 #12

Is this any good? I'd love to buy one but the USB looks too old-fashioned and doesn't have a case supporting it, possibility of it to break easily is also a thing to be taken into consideration before buying it.

I think it's the best alternative but yeah I admit it looks like a prototype from 2000. There is a tutorial if I remember so you can make your own from scratch.
There are other USBs more "swag" for example FIDO U2F Security Key from Yubico https://www.yubico.com/


By far a superior process compared to google or authy.  Sure fire and encrypted privacy.  I would suggest the "swag" model if you need to be mobile.  The higher end models use NFC and you just touch your smartphone using NFC it authenticates everything.  Cannot be beaten by a hacker.  Wish we used this process here in this forum!
lucianus_luciferus
Full Member
***
Offline Offline

Activity: 327
Merit: 101

nothing is lost if you don't lose yourself


View Profile WWW
January 18, 2018, 01:25:19 AM
 #13

true that
i have the neo and it is so cool  Grin

https://www.yubico.com/start/#yubikey-neo

TyfrTR
Sr. Member
****
Offline Offline

Activity: 299
Merit: 262


View Profile
January 18, 2018, 12:57:15 PM
 #14

I use 2-factor authentication with an offline (no sim card; no internet) mobile phone. Only when I need to sync my numbers, I'm connecting the phone to internet and making sync process. I dont know but i belive that its better to use it offline maybe.
Saksham
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
January 18, 2018, 01:13:48 PM
 #15

Is there any loss of privacy while using 2 Factor authentication?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?
I have put my trust in the second authentication fact. I am already using it from some time and i had no issues with it and i am confident in the Google's confidential politics.
anjho.ace
Full Member
***
Offline Offline

Activity: 372
Merit: 100


View Profile
January 18, 2018, 07:00:26 PM
 #16

2-factor authentication will give you more security on your account but always saved the encrypted message as you will be in a big problem once your phone shut down or stolen!
Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 621
Merit: 513



View Profile
January 19, 2018, 12:19:58 AM
 #17

2-factor authentication will give you more security on your account but always saved the encrypted message as you will be in a big problem once your phone shut down or stolen!

I don't have first hand experience with losing phone credentials but I have helped people navigate what can become a total nightmare.  The better sites have papercode backups in case you lose your phone or it gets destroyed.  Without those a loss of phone credentials will "wreck your day" in a big way.  I ONLY use full U2F so I don't worry because I have two encrypted chips and the sites allow either to be used.  The backup chip is in my safe.
barnes13
Hero Member
*****
Offline Offline

Activity: 1260
Merit: 517


7enius - Your Cryptocurrency Marketing Consultant


View Profile WWW
January 19, 2018, 01:09:32 AM
 #18

I use Google Authenticator but got issues to login my exchange account, so I change to use Authy never have issues so far, but read all the previous post I will considering to use FIDO U2F Key from Yubico for more secure to all my account.
RENTMONEY
Jr. Member
*
Offline Offline

Activity: 197
Merit: 1


View Profile
January 20, 2018, 02:46:11 AM
 #19

I hate how we are forced to use 2fa .. It should be our choice.

It is a pain for me to use since I don't get cell service in my area and not all exchanges allow the google version.

TonyMark
Member
**
Offline Offline

Activity: 135
Merit: 11


View Profile
January 20, 2018, 05:45:46 AM
 #20

There is no harm with 2-factor authentication. It is just used for our security purpose. In fact, those accounts integrate with 2FA they are trustworthy and more secure. If you are doing some transaction on the trading or exchange platform then 2FA is essential for our security purpose.
Pages: [1] 2 3 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!