Two-step verification

What skills to learn, what tools to get
Post Reply
jacob
Site Admin
Posts: 9033
Joined: Fri Jun 28, 2013 8:38 pm
Location: USA, Zone 5b, Koppen Dfa, Elev. 620ft, Walkscore 73
Contact:

Two-step verification

Post by jacob » Fri Jun 09, 2017 8:29 am

Two-step verification is becoming more and more mandatory. I don't have a cellphone and would rather not have to get one just so I can log into websites.

Any recommended way around this that doesn't involve a phone+plan?

User avatar
jennypenny
Posts: 5296
Joined: Sun Jul 03, 2011 2:20 pm
Location: Stepford USA

Re: Two-step verification

Post by jennypenny » Fri Jun 09, 2017 8:45 am

Can you use an app like freecall or textnow on your laptop to get a temp phone # to receive the text verification?

Scott 2
Posts: 811
Joined: Sun Feb 12, 2012 10:34 pm

Re: Two-step verification

Post by Scott 2 » Fri Jun 09, 2017 9:30 am

Two step is something you have and something you know. It's a very good thing for your security. At some point, your user and password will become public, two factor protects you.

Most sites should support both a phone number and an email as the something you have.

A third option is an authentication token, like Yubikey. You plug it into a USB port and push a button. Support for this is mixed, but big players like Google will.

A VOIP service that accepts text is another option. Personally, I'd prefer something less easily compromised, and would be very selective with the vendor.

OTCW
Posts: 261
Joined: Thu Mar 31, 2011 12:55 am

Re: Two-step verification

Post by OTCW » Fri Jun 09, 2017 9:35 am

The two step sites I have used have email as an option.

ether
Posts: 164
Joined: Sat Nov 17, 2012 1:50 am
Contact:

Re: Two-step verification

Post by ether » Fri Jun 09, 2017 9:51 am

Not an issue! Been using theses services for the past 4 years with little issue:

*https://www.textnow.com/signup
*https://voice.google.com/signup
*https://www.freedompop.com/phone

The main issue is that tons of fraudsters use these services to help make lots of zombie accounts for sites that require two factor and they can be pretty easily used to impersonate people and do all sort of nefarious things, so a lot of high end sites: banking, government, insurance will DEMAND a phone number that is tied to your name, think Verizon, AT&T cell contracts. In that case the easiest work around is to buy a burner phone from the grocery store for $30 and just pay as you go.

ducknalddon
Posts: 200
Joined: Fri May 20, 2016 5:55 am

Re: Two-step verification

Post by ducknalddon » Fri Jun 09, 2017 10:00 am

If you are using Windows you could try something like https://winauth.com/download/

Note: I haven't used it, I just found it via Google.

The downside is your second factor is on your PC, I prefer to keep it separate which is why I use a Yubikey.

enigmaT120
Posts: 907
Joined: Thu Feb 12, 2015 2:14 pm
Location: Falls City, OR

Re: Two-step verification

Post by enigmaT120 » Fri Jun 09, 2017 10:37 am

I use my email for that all the time. Just copy the code they send and paste it where I need it.

User avatar
C40
Posts: 1854
Joined: Thu Feb 17, 2011 4:30 am
Location: Western U.S.
Contact:

Re: Two-step verification

Post by C40 » Fri Jun 09, 2017 3:02 pm

I've been using google voice for years. You can use it (both texts and calls) on the internet with your computer. Every once in a while, a place will not want to use an internet based number, but that happens very rarely.

IlliniDave
Posts: 1675
Joined: Wed Apr 02, 2014 7:46 pm

Re: Two-step verification

Post by IlliniDave » Fri Jun 09, 2017 5:54 pm

For the most part I use email. There are a couple things, like my 401k account that I might have to occasionally access from work that I use my cell phone for (can't access personal email from the office LAN).

George the original one
Posts: 4242
Joined: Wed Jul 28, 2010 3:28 am
Location: Wettest corner of Orygun

Re: Two-step verification

Post by George the original one » Fri Jun 09, 2017 9:07 pm

Disposable email address. I'm not handing out my phone number just to have it go into a database and be misused!

ducknalddon
Posts: 200
Joined: Fri May 20, 2016 5:55 am

Re: Two-step verification

Post by ducknalddon » Sat Jun 10, 2017 5:40 am

OTCW wrote:
Fri Jun 09, 2017 9:35 am
The two step sites I have used have email as an option.
Isn't this still a weakness, if your PC is compromised then the assailant has access to your email. The point of 2FA is there is another device the hacker doesn't have access to.

User avatar
BRUTE
Posts: 2520
Joined: Sat Dec 26, 2015 5:20 pm

Re: Two-step verification

Post by BRUTE » Sat Jun 10, 2017 11:35 am

still better than just password - assailant could have been looking over ducknalddon's shoulder and seen the username/password. access to PC/email is one more step.

simplex
Posts: 182
Joined: Sun Sep 04, 2011 9:28 pm
Location: NL

Re: Two-step verification

Post by simplex » Mon Jun 12, 2017 2:41 pm

Nowadays, two-factor (not two-step) is often a joke, as people access websites by smartphone, and get the access token texted to the same phone.

That said, two-factor delivers better security for some scenarios, like people stealing your email password.

Stahlmann
Posts: 239
Joined: Fri Sep 02, 2016 6:05 pm

Re: Two-step verification

Post by Stahlmann » Mon Jun 19, 2017 7:07 am

(It is a little derail of the topic, but I mean about situation when we do not have cellphone and we encounter some problems with 2FA and modern world altogether)

Guise! :D

How will you resolve issues when somebody will withdraw money from your bank account/brokerage?
(in my country big transactions need to be confirmed by SMS token; I heard that services for retailer customers are not so sophisticated in USA :D)
I mean that algorithms which gives you money back from the bank tend to be pain in the neck :D (if they consist of less personal data about you)

Anyway, how have you survived interviews? Do you have skype number?

User avatar
TimeTravel
Posts: 23
Joined: Sat Dec 10, 2016 1:04 pm

Re: Two-step verification

Post by TimeTravel » Wed Jun 21, 2017 9:27 am

Though not perfect, Two-step verification is better than no verification at all or challenge questions like "What is your mother's maiden name?"

Zeran
Posts: 25
Joined: Thu Jan 17, 2013 3:34 pm

Re: Two-step verification

Post by Zeran » Wed Jul 12, 2017 2:47 am

One of these or the equivalent app on a computer will handle the 2FA.
https://www.yubico.com/product/fido-u2f-security-key/
Phone numbers are not "2FA" since phone numbers are not a thing you own. Adding a phone number to an online account reduces the security. So given the option use an Authenticator / U2F key.

Post Reply