Thread: 2014: The Year of the MEGA Data Breach
View Single Post
Old 10-20-2014, 05:36 PM   #19
FizzyWater
You kids get off my lawn!
FizzyWater ought to be getting tired of karma fortunes by now.FizzyWater ought to be getting tired of karma fortunes by now.FizzyWater ought to be getting tired of karma fortunes by now.FizzyWater ought to be getting tired of karma fortunes by now.FizzyWater ought to be getting tired of karma fortunes by now.FizzyWater ought to be getting tired of karma fortunes by now.FizzyWater ought to be getting tired of karma fortunes by now.FizzyWater ought to be getting tired of karma fortunes by now.FizzyWater ought to be getting tired of karma fortunes by now.FizzyWater ought to be getting tired of karma fortunes by now.FizzyWater ought to be getting tired of karma fortunes by now.
 
FizzyWater's Avatar
 
Posts: 4,220
Karma: 73492664
Join Date: Aug 2007
Location: Columbus, Ohio
Device: Oasis 2 and Libra H2O and half a dozen older models I can't let go of
Quote:
Originally Posted by eschwartz View Post
Email addresses are something you know, not something you have. Epic fail.

http://en.wikipedia.org/wiki/Multi-f...authentication

2-step != 2-factor

http://en.wikipedia.org/wiki/Two-step_verification


General rant.
Two-step authentication using a single factor means that the person developing the security protocol has missed the whole point altogether.

Google, for example, uses a proper two-factor authentication. You need something you know (username+password) AND something you have (phone).
Um, that's the same thing I do for the Chase login. I do have the option to have it sent to email, if that's my choice, but the choices also include having it go to my cell phone (or home, or work). I can tell it to remember my computer (when I'm at home, for example) or not (when I'm at work, although officially no one else can get on my work computer, I'd still rather not have that cookie saved there).
FizzyWater is offline   Reply With Quote