2FA app on desktop

[hulla]

Addition to everything said before, ignore the convenience of using the go to 2FA app on the same desktop you use to sign into your exchange account cause it will make you vulnerable to attack and it better to always have your 2FA app on seperate device.

Meanwhile, If you're to use decentralized 2FA app like Aegis dont trust google anth app.

[1715124115]

1715124115

[1715124115]

1715124115

[1715124115]

1715124115

[1715124115]

1715124115

[1715124115]

1715124115

[1715124115]

1715124115

[o_e_l_e_o]

something like a yubikey or its equivalent is the best option IMO.

Agreed. The problem with 2FA is many people just see it is a second password. That is not what it is supposed to be. It is supposed to be 2 entirely different factors, ideally something you know (a password) and something you have (a physical device). Kind of like taking money out of an ATM - you need something you have (the physical card) and something you know (your PIN).

Something that a lot of people don't know is that you can use a hardware wallet for your 2FA. Both Ledger and Trezor devices support FIDO Universal 2nd Factor Authentication (links below). If you don't want to spend money on a YubiKey or similar, then you can use your hardware wallet instead.

Ledger: https://www.ledger.com/fido-u2f
Trezor: https://blog.trezor.io/secure-two-factor-authentication-with-trezor-u2f-e940fd5a60af

[Maus0728]

Something that a lot of people don't know is that you can use a hardware wallet for your 2FA. Both Ledger and Trezor devices support FIDO Universal 2nd Factor Authentication (links below). If you don't want to spend money on a YubiKey or similar, then you can use your hardware wallet instead.

Wouldn't there be a risk if we've used our hardware wallet in two-factor authentication? I've seen that we still need to use the app then connect our hardware wallets to make the authenticator work, but are there no risks involved? It seems that this is really a better choice if someone wanted to have a much secured accounts, adding up the security level of both hardware wallet you've mentioned - making it like a physical key to your safe/accounts. But still for those who doesn't have any hardware wallets, YubiKeys are much cheaper if a user just wanted 2FA.

I can't wait that both Ledger and Trezor hardware wallet would soon be adopted to be a key in opening desktops/laptops as an additional security measure - like a key to boot it up. But AFAIK there are already programs that can make your flash drives to be a key, but it has a lot of loopholes for a security of a device.

[joniboini]

A risk will always be there, for example a zero-day bug or something similar. But it is definitely better than other options such as using an old 2FA plugin on the web browser that is no longer updated by the developer. In short, the question should be whether the risk is smaller or not.

[o_e_l_e_o]

Wouldn't there be a risk if we've used our hardware wallet in two-factor authentication?

There are no known vulnerabilities to using it for 2FA from a device point of view. The whole point of a hardware wallet is that you can plug it in to the most malware infected and insecure computer in the world, and your private keys will remain safely stored on the device. There is certainly a risk if you are carrying your hardware wallet around with you to use as a 2FA key in a public place, however. With both Ledger and Trezor you advertise that you own crypto and potentially make yourself a target, and with Trezor devices, if you lose it or it is stolen the seed phrase can be extracted.

But still for those who doesn't have any hardware wallets, YubiKeys are much cheaper if a user just wanted 2FA.

Cheaper and simpler.

[vapourminer]

There are no known vulnerabilities to using it for 2FA from a device point of view. The whole point of a hardware wallet is that you can plug it in to the most malware infected and insecure computer in the world, and your private keys will remain safely stored on the device. There is certainly a risk if you are carrying your hardware wallet around with you to use as a 2FA key in a public place, however. With both Ledger and Trezor you advertise that you own crypto and potentially make yourself a target, and with Trezor devices, if you lose it or it is stolen the seed phrase can be extracted.

But still for those who doesn't have any hardware wallets, YubiKeys are much cheaper if a user just wanted 2FA.

Cheaper and simpler.

yubikeys are also easier to explain as to why you have one. could be for work, for logging into a bank etc as they are used that way too. nothing related to crypto in other words.

[Simakura]

That is not necessarily safe, what if our PC is infected with a virus.

[vapourminer]

That is not necessarily safe, what if our PC is infected with a virus.

yubikeys are read only devices. they are immune to badusb (which can infect many general purpose usb based devices) and other such malware. so they are safe to use even if the computer its plugged into tries to compromise it.

[bL4nkcode]

That is not necessarily safe, what if our PC is infected with a virus.

U2F keys and 2fa are just additional layer for the security of your files/money/account/etc.. It doesn't protect you from being attacked and being careless. If you think the device has a malware then don't use or make a proper action to get rid of it.

[Maus0728]

That is not necessarily safe, what if our PC is infected with a virus.

U2F keys and 2fa are just additional layer for the security of your files/money/account/etc.. It doesn't protect you from being attacked and being careless. If you think the device has a malware then don't use or make a proper action to get rid of it.

Indeed. Well, apparently, viruses are just an altered codes attached on to programs that makes various activities depending on what it is made for. But in fact, computer viruses wasn't really that made to do something that can compromise one's security, especially if they would user hardware authenticators as well. Also, viruses cannot simply be infecting on a person's device without him doing unsafe and unsecured activities, both online and offline.

Therefore, you can be "safe" if and only if you have genuine antivirus and programs installed on your device, and not downloading cracked nor patched applications. Lastly, most legitimate antivirus nowadays do tend to be updating their system daily as people keeps making dozens of virus online, making them instantly blacklisting any suspicious programs that may or might have been infected. Hence, 2FA is still the best safety precaution - regardless of your device's protection.

[vapourminer]

Also, viruses cannot simply be infecting on a person's device without him doing unsafe and unsecured activities, both online and offline.

zeroday exploits and custom written virus/malware are a thing and can catch even the most seasoned and safety conscious IT people unaware.

Therefore, you can be "safe" if and only if you have genuine antivirus and programs installed on your device,

having AV doesnt gaurentee safely. custom written virus and  malware plus zerodays get by easily. it helps but it is a combination of awareness, knowledge and safe computing practices thats best. and even then you can get a virus.

the name of the game is layered security to reduce the risk. and for that education goes a long ways.

[Welsh]

Indeed. Well, apparently, viruses are just an altered codes attached on to programs that makes various activities depending on what it is made for. But in fact, computer viruses wasn't really that made to do something that can compromise one's security, especially if they would user hardware authenticators as well. Also, viruses cannot simply be infecting on a person's device without him doing unsafe and unsecured activities, both online and offline.

Therefore, you can be "safe" if and only if you have genuine antivirus and programs installed on your device, and not downloading cracked nor patched applications. Lastly, most legitimate antivirus nowadays do tend to be updating their system daily as people keeps making dozens of virus online, making them instantly blacklisting any suspicious programs that may or might have been infected. Hence, 2FA is still the best safety precaution - regardless of your device's protection.

Anti viruses guard against already known malicious code, and likely malicious code it is by no means a necessary program to have, and I would estimate most technical users opt not to use anti virus software, and simply follow a security protocol. I follow my own protocol that I've continually developed throughout the years, and two factor authentication is included that. However, I'm definitely vulnerable to more heinous attacks, as is everyone.  New malicious code is being developed every day, and it isn't going to slow down any time soon. What you have to do, is stay up to date, and adjust your habits accordingly. Even then, no one is ever 100% safe, and there will always be associated risks when connected to the internet. Two factor authentication on a dedicated device just for that would alleviate some of the problems, and as long as the network isn't compromised would be a decent way of doing it,  but in truth not many people are willing to go to that lengths, and that's exactly how people get compromised.

[StephenJH]

I personally use the Authy desktop app and it is super easy to use. From the security side, you can encrypt the app data in order to prevent the attacker to gain access to backup keys. Otherwise, the master password function is available for the Authy app, this is important to get rid of third-party access in any case. The only vulnerability is hackers can get into PC with remote access which can do anything with admin rights, unfortunately.

[Casdinyard]

Even then, no one is ever 100% safe, and there will always be associated risks when connected to the internet. Two factor authentication on a dedicated device just for that would alleviate some of the problems, and as long as the network isn't compromised would be a decent way of doing it,  but in truth not many people are willing to go to that lengths, and that's exactly how people get compromised.

Agreed. There are people that tends to be 'safe' yet haven't noticed their device was already infected by a virus or already had backdoor in his computer. Nonetheless, some 2FA programs do have a strong security, as none of them cannot be published without taking the security of their program as their main priority. Though they can be hacked through network being compromised (especially 2FA that requires texting your phone), I think people would go that far just to get your credentials or account. I've seen a lot of dark hacking activities online yet there are still more ethical hackers than the blackhats (hopefully).

[welovedcrypto]

Using 2FA app on same computer through which you are accessing your exchanges, wallets or any other sites then it is relly not safe at all.

Use mobile phone instead of using in PC.  Also you should try to avoid use of email address at two devices (desktop and mobile). Email accounts are vulnerable and hackers may hack your mobile using your email.