2-Factor Authentication

[botany]

Is there any loss of privacy while using 2 Factor authentication?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?

[1714145095]

1714145095

[1714145095]

1714145095

[1714145095]

1714145095

[1714145095]

1714145095

[1714145095]

1714145095

[ABCbits]

I think no since Google Authenticator works offline and even if you only add the authentication key only with vague description/name. Unless they upload your keys and description along with google account you use on your smartphone.

[Welsh]

If you are that bothered about privacy issues then you can always use a separate mobile phone just for that purpose. I mean they are pretty cheap to pick up these days.

If you are using SMS verification then those messages could potentially be intercepted by someone malicious and Coinbase actually hit the news for this reason.  I don't believe that a third party website is required to send any of the credentials to Google though. So you are safe in that aspect.

[theymos_away]

The protocol used by Google Authenticator is open and should be private (in that giving a code should link you only with your account on the site), but the Google Authenticator app is closed-source, so I wouldn't rely 100% on that app. There are open source alternatives. Authy works differently, and I do not recommend it. SMS is really bad. U2F is probably good, though I haven't actually looked into it closely yet.

[LeGaulois]

If you care about your privacy you shouldn't use any Google's product, no matter how good they are. It's how the company make its income, using your privacy.... Who knows if in 10 years we learn that in fact, it was another shady product
I have read Authy is far better than Google Authenticator.


You can use a USB like U2F Zero as long you don't lose it you're good to go https://www.u2fzero.com/
... and it's open source https://github.com/conorpp/u2f-zero

[Welsh]

If you care about your privacy you shouldn't use any Google's product, no matter how good they are. It's how the company make its income, using your privacy.... Who knows if in 10 years we learn that in fact, it was another shady product

This is almost true for anything which isn't open source.

I have read Authy is far better than Google Authenticator.

I would recommend staying away from Authy, but if you are to use it then make sure to turn off multi device in the settings. This prevents recovery from other phones. If you ever want to transfer to another phone though this option will need to be enabled.

[pugman]

This is almost true for anything which isn't open source. .

For a lot of people if not everyone , their belief lies in reputed and "trusted" companies.

I would recommend staying away from Authy, but if you are to use it then make sure to turn off multi device in the settings. This prevents recovery from other phones. If you ever want to transfer to another phone though this option will need to be enabled.

Any particular reason why? I have been using authy and I say it is any day better than Google authenticator, for it doesn't BACK up your fucking data. Almost had a nightmare when I un-installed it by mistake, had to contact so many exchanges to remove the 2FA
I personally have never had any issues with authy.

You can use a USB like U2F Zero as long you don't lose it you're good to go https://www.u2fzero.com/
... and it's open source https://github.com/conorpp/u2f-zero

Is this any good? I'd love to buy one but the USB looks too old-fashioned and doesn't have a case supporting it, possibility of it to break easily is also a thing to be taken into consideration before buying it.

[Welsh]

For a lot of people if not everyone , their belief lies in reputed and "trusted" companies.

This shouldn't be the case and especially so with an authenticator.

Any particular reason why? I have been using authy and I say it is any day better than Google authenticator, for it doesn't BACK up your fucking data. Almost had a nightmare when I un-installed it by mistake, had to contact so many exchanges to remove the 2FA
I personally have never had any issues with authy.

The main reason why I wouldn't use Google authenticator or Authy is because it's not open source. There's open source alternatives which have been mentioned above which are simply better. Before you say Google authenticator is open source, the app which you download on the store is not.

Also, for their multi device feature to work, then your keys need to be stored on a server for it to work. So they certainly keep records/data. These are encrypted by the backup password you set. This is encrypted using AES and a randomly generated salt using PBKDF2. So the data is stored otherwise, it wouldn't be possible to restore access using another device.

[LeGaulois]

Is this any good? I'd love to buy one but the USB looks too old-fashioned and doesn't have a case supporting it, possibility of it to break easily is also a thing to be taken into consideration before buying it.

I think it's the best alternative but yeah I admit it looks like a prototype from 2000. There is a tutorial if I remember so you can make your own from scratch.
There are other USBs more "swag" for example FIDO U2F Security Key from Yubico https://www.yubico.com/

[pugman]

This shouldn't be the case and especially so with an authenticator.

If an authenticator has a predecessor of the name Google, users would go for it. However they might not go for authy or something in the first place when they know something called "Google Authenticator", exists. Plus, most websites who have 2FA enabled recommended Google Authenticator.

The main reason why I wouldn't use Google authenticator or Authy is because it's not open source. There's open source alternatives which have been mentioned above which are simply better. Before you say Google authenticator is open source, the app which you download on the store is not.

Also, for their multi device feature to work, then your keys need to be stored on a server for it to work. So they certainly keep records/data. These are encrypted by the backup password you set. This is encrypted using AES and a randomly generated salt using PBKDF2. So the data is stored otherwise, it wouldn't be possible to restore access using another device.

True that. Google is highly overrated in some places and authy which I have been using does need a replacement.

I think it's the best alternative but yeah I admit it looks like a prototype from 2000. There is a tutorial if I remember so you can make your own from scratch.
There are other USBs more "swag" for example FIDO U2F Security Key from Yubico https://www.yubico.com/

Yubiko is nice because it has a USB type C, so I did like that. But 50-60$ for an authenticator, I'm not sure yet but I do want to buy one.
Anyhow, thank you for sharing that information, was really helpful. 

[fabioganga]

Is there any loss of privacy while using 2 Factor authentication?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?

I don't think Google would ever risk their reputation to be destroyed in an instant by breaching your privacy that way... I have used Google Authenticator extensively for a good couple of years now, never had a problem at all.

When you activate 2FA on websites you are given a UNIQUE key together with a QR code to scan. The key works on ANY phone, so it is definitely NOT linked to your Google ID and you should therefore keep that key well hidden.

[Coin-Keeper]

Is this any good? I'd love to buy one but the USB looks too old-fashioned and doesn't have a case supporting it, possibility of it to break easily is also a thing to be taken into consideration before buying it.

I think it's the best alternative but yeah I admit it looks like a prototype from 2000. There is a tutorial if I remember so you can make your own from scratch.
There are other USBs more "swag" for example FIDO U2F Security Key from Yubico https://www.yubico.com/

By far a superior process compared to google or authy.  Sure fire and encrypted privacy.  I would suggest the "swag" model if you need to be mobile.  The higher end models use NFC and you just touch your smartphone using NFC it authenticates everything.  Cannot be beaten by a hacker.  Wish we used this process here in this forum!

[lucianus_luciferus]

true that
i have the neo and it is so cool 

https://www.yubico.com/start/#yubikey-neo

[TyfrTR]

I use 2-factor authentication with an offline (no sim card; no internet) mobile phone. Only when I need to sync my numbers, I'm connecting the phone to internet and making sync process. I dont know but i belive that its better to use it offline maybe.

[Saksham]

Is there any loss of privacy while using 2 Factor authentication?
If you use Google Authenticator on an android phone (where essentially you have linked your google id), to authenticate the login of a third party website, can google link your google id with the credentials of the third party website?

I have put my trust in the second authentication fact. I am already using it from some time and i had no issues with it and i am confident in the Google's confidential politics.

[anjho.ace]

2-factor authentication will give you more security on your account but always saved the encrypted message as you will be in a big problem once your phone shut down or stolen!

[Coin-Keeper]

2-factor authentication will give you more security on your account but always saved the encrypted message as you will be in a big problem once your phone shut down or stolen!

I don't have first hand experience with losing phone credentials but I have helped people navigate what can become a total nightmare.  The better sites have papercode backups in case you lose your phone or it gets destroyed.  Without those a loss of phone credentials will "wreck your day" in a big way.  I ONLY use full U2F so I don't worry because I have two encrypted chips and the sites allow either to be used.  The backup chip is in my safe.

[barnes13]

I use Google Authenticator but got issues to login my exchange account, so I change to use Authy never have issues so far, but read all the previous post I will considering to use FIDO U2F Key from Yubico for more secure to all my account.

[RENTMONEY]

I hate how we are forced to use 2fa .. It should be our choice.

It is a pain for me to use since I don't get cell service in my area and not all exchanges allow the google version.

[TonyMark]

There is no harm with 2-factor authentication. It is just used for our security purpose. In fact, those accounts integrate with 2FA they are trustworthy and more secure. If you are doing some transaction on the trading or exchange platform then 2FA is essential for our security purpose.