I'm in the process of totally revamping my online security. The primary email I've used for 20+ years has no 2FA option, and the credit union I've used for the past 45 years doesn't either, which is hard to believe. I don't think I've ever heard a case made for 2FA not being needed, but I have encountered cases where it isn't possible. Any 2FA is better than none, and FIDO security keys, which unlike most other options cannot be phished, are better every single time you use them instead of SMS, even if SMS is always an option.

Phishing and web site hacks are far more common than SIM swapping. I was disappointed when I was able to recover my non-APP account after losing my authenticator app (bricked my phone) using just my recovery email, rather than needing my backup codes.

As I pointed out in another thread, the idea that if SMS can be used as a backup then a security key has no merit is false. I don’t know why they would do that, but unlike many others (e.g., Vanguard, Intuit, SSA) they are not in the habit of making silly mistakes. The thing that gave me pause is I generally think that Google is very good at security, and their Advanced Protection Program, which requires security keys for 2FA, also advises both phone and email recovery options. I recently wrestled with this, and skipped the recovery phone number at first. Does this mean secondary email is the only logical choice for Gmail account recovery? Maybe I'm overthinking email security, but doesn't using your mobile number for account recovery pose the same risk as using SMS for 2FA? In both cases, if your phone is hijacked, the hijacker has access to your email account (if they also know your email address).