2FA: Difference between revisions
Brian Wilson (talk | contribs) mNo edit summary |
Latest revision as of 16:41, 5 April 2022
2FA is short for "2 factor authentication", which, for me, is based on these:
- Special hardware (eg ETrade)
- Twilio Authy (In addition to devices it runs on desktops too, including Linux)
- Google Authenticator (It turns out this is completely redundant.)
- SMS
Listed in order of personal preference. There are others. Mostly the method is "TOTP", which translates to "Time-dependent One Time Password". SMS is the least secure, avoid this one.
I want to try one of the commercial widgets, um, brand? Probably Yubikey, but don't want to pony up the $45 per token. (= $90 because 1 for me one for backup) The idea here is that you plug the widget in as a USB device and then as long as it's plugged in you don't need to type the 2FA code. There is a feature in Psono that lets you leave the TOTP device on one computer and access the code through a Psono client.
Migrating to > 1 device
I needed redundancy and I started out with Google Authenticator, which meant everything was on one phone. If I left the phone at home then I basically couldn't log in to any service with 2FA for the day. This was very bad.
Twilio Authy -- add more devices whenever it's convenient. Use a phone or a desktop. https://www.techrepublic.com/article/how-to-set-up-authy-on-multiple-devices-for-more-convenient-two-factor-authentication/
Google Authenticator -- cancel service at each provider, then add back in and set up all devices at the same time. Not convenient. Since I had to cancel service everywhere I had Google Auth, I migrated everything to Authy and then removed Authenticator from my phone.
I now have all 2FA accounts (except ETrade) in Authy, and it takes about 30 seconds to add additional clients. So, I have Authy installed on my work computer and I can leave my phone at home whenever I want!
Authy guidelines
https://authy.com/blog/understanding-2fa-the-authy-app-and-sms/