Two-step verification

Fixing and making things, what tools to get and what skills to learn, ...
Post Reply
jacob
Site Admin
Posts: 15907
Joined: Fri Jun 28, 2013 8:38 pm
Location: USA, Zone 5b, Koppen Dfa, Elev. 620ft, Walkscore 77
Contact:

Two-step verification

Post by jacob »

Two-step verification is becoming more and more mandatory. I don't have a cellphone and would rather not have to get one just so I can log into websites.

Any recommended way around this that doesn't involve a phone+plan?

User avatar
jennypenny
Posts: 6851
Joined: Sun Jul 03, 2011 2:20 pm

Re: Two-step verification

Post by jennypenny »

Can you use an app like freecall or textnow on your laptop to get a temp phone # to receive the text verification?

Scott 2
Posts: 2824
Joined: Sun Feb 12, 2012 10:34 pm

Re: Two-step verification

Post by Scott 2 »

Two step is something you have and something you know. It's a very good thing for your security. At some point, your user and password will become public, two factor protects you.

Most sites should support both a phone number and an email as the something you have.

A third option is an authentication token, like Yubikey. You plug it into a USB port and push a button. Support for this is mixed, but big players like Google will.

A VOIP service that accepts text is another option. Personally, I'd prefer something less easily compromised, and would be very selective with the vendor.

OTCW
Posts: 437
Joined: Thu Mar 31, 2011 12:55 am

Re: Two-step verification

Post by OTCW »

The two step sites I have used have email as an option.

ether
Posts: 263
Joined: Sat Nov 17, 2012 1:50 am
Location: Jacksonville, FL
Contact:

Re: Two-step verification

Post by ether »

Not an issue! Been using theses services for the past 4 years with little issue:

*https://www.textnow.com/signup
*https://voice.google.com/signup
*https://www.freedompop.com/phone

The main issue is that tons of fraudsters use these services to help make lots of zombie accounts for sites that require two factor and they can be pretty easily used to impersonate people and do all sort of nefarious things, so a lot of high end sites: banking, government, insurance will DEMAND a phone number that is tied to your name, think Verizon, AT&T cell contracts. In that case the easiest work around is to buy a burner phone from the grocery store for $30 and just pay as you go.

ducknalddon
Posts: 249
Joined: Fri May 20, 2016 5:55 am

Re: Two-step verification

Post by ducknalddon »

If you are using Windows you could try something like https://winauth.com/download/

Note: I haven't used it, I just found it via Google.

The downside is your second factor is on your PC, I prefer to keep it separate which is why I use a Yubikey.

enigmaT120
Posts: 1240
Joined: Thu Feb 12, 2015 2:14 pm
Location: Falls City, OR

Re: Two-step verification

Post by enigmaT120 »

I use my email for that all the time. Just copy the code they send and paste it where I need it.

User avatar
C40
Posts: 2748
Joined: Thu Feb 17, 2011 4:30 am

Re: Two-step verification

Post by C40 »

I've been using google voice for years. You can use it (both texts and calls) on the internet with your computer. Every once in a while, a place will not want to use an internet based number, but that happens very rarely.

IlliniDave
Posts: 3845
Joined: Wed Apr 02, 2014 7:46 pm

Re: Two-step verification

Post by IlliniDave »

For the most part I use email. There are a couple things, like my 401k account that I might have to occasionally access from work that I use my cell phone for (can't access personal email from the office LAN).

George the original one
Posts: 5404
Joined: Wed Jul 28, 2010 3:28 am
Location: Wettest corner of Orygun

Re: Two-step verification

Post by George the original one »

Disposable email address. I'm not handing out my phone number just to have it go into a database and be misused!

ducknalddon
Posts: 249
Joined: Fri May 20, 2016 5:55 am

Re: Two-step verification

Post by ducknalddon »

OTCW wrote:
Fri Jun 09, 2017 9:35 am
The two step sites I have used have email as an option.
Isn't this still a weakness, if your PC is compromised then the assailant has access to your email. The point of 2FA is there is another device the hacker doesn't have access to.

BRUTE
Posts: 3797
Joined: Sat Dec 26, 2015 5:20 pm

Re: Two-step verification

Post by BRUTE »

still better than just password - assailant could have been looking over ducknalddon's shoulder and seen the username/password. access to PC/email is one more step.

simplex
Posts: 212
Joined: Sun Sep 04, 2011 9:28 pm
Location: NL

Re: Two-step verification

Post by simplex »

Nowadays, two-factor (not two-step) is often a joke, as people access websites by smartphone, and get the access token texted to the same phone.

That said, two-factor delivers better security for some scenarios, like people stealing your email password.

Stahlmann
Posts: 1121
Joined: Fri Sep 02, 2016 6:05 pm

Re: Two-step verification

Post by Stahlmann »

(It is a little derail of the topic, but I mean about situation when we do not have cellphone and we encounter some problems with 2FA and modern world altogether)

Guise! :D

How will you resolve issues when somebody will withdraw money from your bank account/brokerage?
(in my country big transactions need to be confirmed by SMS token; I heard that services for retailer customers are not so sophisticated in USA :D)
I mean that algorithms which gives you money back from the bank tend to be pain in the neck :D (if they consist of less personal data about you)

Anyway, how have you survived interviews? Do you have skype number?

TimeTravel
Posts: 71
Joined: Sat Dec 10, 2016 1:04 pm

Re: Two-step verification

Post by TimeTravel »

Though not perfect, Two-step verification is better than no verification at all or challenge questions like "What is your mother's maiden name?"

Zeran
Posts: 32
Joined: Thu Jan 17, 2013 3:34 pm

Re: Two-step verification

Post by Zeran »

One of these or the equivalent app on a computer will handle the 2FA.
https://www.yubico.com/product/fido-u2f-security-key/
Phone numbers are not "2FA" since phone numbers are not a thing you own. Adding a phone number to an online account reduces the security. So given the option use an Authenticator / U2F key.

Post Reply