20 May 2017, 09:38 AM   #9
n5bb
Unfortunately, most websites and services don't support two-factor authentication. The problems with the current poor security policies of many services and the way that users set up their security include:
  • The most important accounts you have are the ones used for resetting account passwords and for two-factor authentication. So your text messaging account and/or email account used for resets and authentication need to be the most secure accounts you set up. You can lose control of all of your other accounts if someone gets control of your reset email account and then proceeds to reset the passwords on all of your services!
  • The passwords used for each of your accounts need to be unrelated to your other passwords. This is impossible to do if you try to remember long passwords, so it's by far safest if you use password safe software and then make the software for the password safe the only complex password you need to remember.
  • Because of social media and the personal questions asked by most sites when you set up your account, it's not that hard for a thief to discover the city you were born in, your grandparents' middle names, your first dog and car, etc. If you answer those questions for an account which is then hacked and these answers are revealed, then another site which happens to ask some of the same questions will be much easier to crack. Two-factor authentication doesn't help if the attacker gets control of your reset email account and can guess security questions and the service allows that method of resetting your account.
  • Authentication phishing can also be a problem. Don't respond to unexpected two-factor authentication text or email messages, since it's probably a hacker trying to get you to give them your credentials.
  • Another potential problem is domain name or DNS theft. If someone steals the domain or obtains control over the DNS records, they can send authentication and password reset messages which only they can read. They can then lock you out of your accounts.
So it's very important that you use different passwords for every service. If you re-use a password, anyone hacking the first account has a good chance of getting into the second account.

Bill