EmailDiscussions.com  

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Old 24 Dec 2013, 09:39 AM   #16
neilj
Cornerstone of the Community
 
Join Date: Apr 2004
Location: Melbourne
Posts: 971

Representative of:
Fastmail.fm
Quote:
Originally Posted by DrStrabismus View Post
This cluster with 25 GPU cards can process 63 billion SHA1 hashes per second.
Of course, your passwords at FastMail are hashed with bcrypt, which is several orders of magnitude slower to calculate (SHA1 is designed to be fast; bcrypt hashing is slow precisely to prevent brute force attacks).

Neil.
Old 24 Dec 2013, 08:43 PM   #17
DrStrabismus
The "e" in e-mail
 
Join Date: May 2002
Posts: 2,804
Quote:
Originally Posted by neilj View Post
Of course, your passwords at FastMail are hashed with bcrypt, which is several orders of magnitude slower to calculate (SHA1 is designed to be fast; bcrypt hashing is slow precisely to prevent brute force attacks).
I did mention bcrypt taking a billion years on that hardware.

The reason it's hard to crack is not that it was designed to be slow (you can make any password hash as slow as you like by varying the number of iterations); it's that it doesn't work well on current GPUs.

Scrypt is supposed to be even better; it's specifically designed to run optimally with a ratio of processing power to memory that's characteristic of server hardware.

Last edited by DrStrabismus : 24 Dec 2013 at 09:12 PM.
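The two points made in the exchange above (an iterated hash can be made arbitrarily slow by raising its iteration count, while a memory-hard hash such as scrypt additionally raises the memory needed per guess) can be shown with the Python standard library alone. This is an added example, not code from the thread or from FastMail; it uses PBKDF2-SHA1 and scrypt from `hashlib` rather than bcrypt, which needs a third-party package. The 63 billion SHA1/s figure is the one quoted in the thread, and the assumption that an N-iteration hash divides that rate by N is mine; the storage format `scrypt$n$r$p$salt$digest` and the 36^8 keyspace are illustrative choices.

```python
import hashlib
import hmac
import secrets
import time

# Figure quoted in the thread above: a 25-GPU cluster doing 63 billion SHA1/s.
GPU_SHA1_PER_SEC = 63e9
# Assumption for the estimate below: an iterated SHA1 construction divides that
# rate by its iteration count (the GPU does the same SHA1 work N times per guess).


def sha1_once(password: bytes, salt: bytes) -> bytes:
    """Plain salted SHA1: one compression per guess, which is what the 63e9/s figure cracks."""
    return hashlib.sha1(salt + password).digest()


def pbkdf2_sha1(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Iterated SHA1: cost grows linearly with `iterations` (any hash can be made slow this way)."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen=20)


def scrypt_digest(password: bytes, salt: bytes, n: int, r: int = 8, p: int = 1) -> bytes:
    """scrypt: cost grows with n in time *and* memory, which is what hurts GPUs."""
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, maxmem=2**27, dklen=32)


def scrypt_memory_bytes(n: int, r: int = 8) -> int:
    """Working set of scrypt's inner loop: n blocks of 128*r bytes each."""
    return 128 * r * n


def store_scrypt(password: bytes, n: int = 2**14, r: int = 8, p: int = 1) -> str:
    """Self-describing record (illustrative format) so the cost can be raised later per user."""
    salt = secrets.token_bytes(16)
    digest = scrypt_digest(password, salt, n, r, p)
    return f"scrypt${n}${r}${p}${salt.hex()}${digest.hex()}"


def verify_scrypt(password: bytes, record: str) -> bool:
    """Re-derive with the parameters stored in the record and compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    digest = scrypt_digest(password, bytes.fromhex(salt_hex), int(n), int(r), int(p))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def cluster_seconds_to_exhaust(keyspace: float, iterations: int) -> float:
    """Seconds for the quoted cluster to try `keyspace` guesses of an `iterations`-deep SHA1 hash."""
    return keyspace / (GPU_SHA1_PER_SEC / iterations)


def measure(fn, *args, rounds: int = 3) -> float:
    """Wall-clock seconds per call on this machine (illustration only)."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn(*args)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    pw, salt = b"correct horse", b"0123456789abcdef"
    keyspace = 36 ** 8  # 8 characters of [a-z0-9]: a weak but common password shape
    for iters in (1, 1_000, 100_000):
        days = cluster_seconds_to_exhaust(keyspace, iters) / 86400
        print(f"PBKDF2-SHA1 x{iters:>7}: quoted cluster needs {days:10.3f} days for 36^8")
    print(f"scrypt n=2^14 r=8 working set: {scrypt_memory_bytes(2**14) // 2**20} MiB per guess")
    print(f"sha1 once   : {measure(sha1_once, pw, salt) * 1e6:8.1f} us per hash")
    print(f"pbkdf2 100k : {measure(pbkdf2_sha1, pw, salt, 100_000) * 1e3:8.1f} ms per hash")
    print(f"scrypt 2^14 : {measure(scrypt_digest, pw, salt, 2**14) * 1e3:8.1f} ms per hash")
    rec = store_scrypt(pw)
    print(rec)
    print("verify ok:", verify_scrypt(pw, rec), " wrong pw:", verify_scrypt(b"wrong", rec))
```

The record carries its own n, r and p so that verification never guesses the parameters, and raising the cost for a user means re-hashing at their next successful login rather than all at once. The timings printed by `measure` are for one CPU core and only illustrate the ratio between schemes; they say nothing about GPU throughput, which is exactly the gap scrypt's memory requirement is meant to close.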
Old 27 Dec 2013, 07:22 AM   #18
luisgerhorst
Junior Member
 
Join Date: Dec 2013
Posts: 1
2FA cannot be replaced by long passwords

I'm not sure that it is clear that 2FA provides much better security than any password can. The point is that with 2FA you need to know something (your password) and you need to have something (your phone) to authenticate yourself. A password can be stolen and you won't notice, but if your phone gets stolen/lost, you'll notice and can for example reset your password using backup codes you printed on paper and stored in a safe place when enabling 2FA.
Old 31 Dec 2013, 02:25 PM   #19
b7j0c
Junior Member
 
Join Date: May 2006
Posts: 20
Quote:
Originally Posted by robn View Post
Our current recommendation is to set it to a very long, complex master password that you can't possibly remember and then print it and store it in a safe or similar. We're not keen on enforcing two-factor on the master password because if you lose your second factor then you're completely locked out of your account.

We already support Google Authenticator for two-factor logins.
But isn't the common practice to provide a list of single-use backup codes in case of a misplaced device? Maybe I'm a little confused how your scheme differs from Google etc.
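The two preceding posts describe the pieces of a standard second-factor setup: a time-based code from an authenticator app (Google Authenticator implements RFC 6238 TOTP over HMAC-SHA1) plus a printed list of single-use backup codes for when the phone is lost. The following is an added example of both, written for this page and not taken from the thread or from FastMail's code. The `BackupCodes` class, its 16-hex-digit code format and the `otpauth://` parameters are my choices; the TOTP arithmetic follows the RFC, and the test secret `12345678901234567890` is the RFC's own test vector.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the defaults Google Authenticator uses."""
    counter = struct.pack(">Q", for_time // step)          # 64-bit big-endian time step
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                 # dynamic truncation (RFC 4226 s5.3)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, now=None, step: int = 30, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side for clock drift; constant-time compare."""
    now = int(time.time()) if now is None else now
    candidates = [totp(secret, now + k * step, step) for k in range(-window, window + 1)]
    matched = False
    for candidate in candidates:                            # check all, so timing does not leak which step
        matched |= hmac.compare_digest(candidate, code)
    return matched


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """Key URI in the form authenticator apps scan from a QR code (assumed parameter set)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}&algorithm=SHA1&digits=6&period=30"


class BackupCodes:
    """Single-use recovery codes: shown once, stored only as hashes, deleted on use (illustrative design)."""

    def __init__(self, count: int = 10):
        self.count = count
        self._hashes = set()

    @staticmethod
    def _normalize(code: str) -> str:
        return code.replace("-", "").replace(" ", "").lower()

    @staticmethod
    def _hash(code: str) -> bytes:
        # Each code is 64 random bits from a CSPRNG, not a user-chosen secret, so a
        # single SHA-256 suffices; slow hashing is for low-entropy passwords.
        return hashlib.sha256(BackupCodes._normalize(code).encode()).digest()

    def issue(self) -> list:
        """Generate a fresh set (invalidating any old one) and return the plaintext for printing."""
        codes = []
        for _ in range(self.count):
            raw = secrets.token_hex(8)                      # 16 hex digits = 64 bits
            codes.append("-".join(raw[i:i + 4] for i in range(0, 16, 4)))
        self._hashes = {self._hash(c) for c in codes}
        return codes

    def redeem(self, code: str) -> bool:
        """True exactly once for a valid code; the hash is removed so it cannot be replayed."""
        h = self._hash(code)
        for stored in list(self._hashes):
            if hmac.compare_digest(stored, h):
                self._hashes.discard(stored)
                return True
        return False

    def remaining(self) -> int:
        return len(self._hashes)


if __name__ == "__main__":
    secret = secrets.token_bytes(20)                        # 160-bit seed, per RFC 4226's recommendation
    print(provisioning_uri(secret, "alice@example.com", "ExampleMail"))
    print("code now:", totp(secret, int(time.time())))
    backup = BackupCodes()
    codes = backup.issue()
    print("print and store these:", codes)
    print("first use:", backup.redeem(codes[0]), " replay:", backup.redeem(codes[0]))
```

The server keeps only the TOTP seed and the backup-code hashes; the plaintext codes exist once, on the page the user prints. Redeeming a backup code should also be rate-limited and logged like a password attempt, since the 64-bit codes resist offline cracking but nothing here stops online guessing by itself.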
Old 20 Mar 2014, 04:11 AM   #20
Lnguyen
Essential Contributor
 
Join Date: Apr 2002
Location: Maryland
Posts: 217
Quote:
Originally Posted by b7j0c View Post
but isn't the common practice to provide a list of single-use backup codes in case of a misplaced device? maybe I'm a little confused how your scheme differs from google etc
I would echo this. Most services give at least a single recovery code.

As for two factor vs super long password, isn't it good to give the user a choice if feasible? I could see a keylogger being something that can defeat a long password (though, not sure how likely that is if you're using a password manager).

Alternatively, keeping the status quo, I wouldn't mind having some kind of alert for odd logins. Say I log in at home and work often. Suddenly seeing a login from a location across the country (or another country) could send a flag to my backup address or some other defined address.
Old 1 Apr 2014, 09:18 AM   #21
paul29
Senior Member
 
Join Date: Apr 2014
Posts: 166
Yes, luisgerhorst has it right: 2FA is basically pointless unless it's impossible to bypass (short of a one-time recovery code). The whole idea of 2FA is that passwords are inherently insecure, because of the possibility of client exploits, server breaches, spoofed TCP sessions (even with fake SSL certificates, which we've seen multiple times) etc. If there's such a thing as a re-usable master password, it can be intercepted and exploited.
Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy