This blog was written by an independent guest blogger.
I was logging into one of my favorite online shopping sites the other day, and, as with all my other sites, I was presented with the multi-factor authentication prompt to complete the login process. Anyone who knows me, knows that I have been a long-time supporter of multi-factor, or 2-step verification of any kind.
The only problem I had with the login on this occasion was that my phone was dead. Like most folks, my phone contains the authenticator applications that allow me to log into most of the sites that do not allow the use of a FIDO hardware token. This created an unusual conundrum: not only does my phone contain the authenticator application, but the only backup method the site offers is to send a text message to a registered phone number if the authenticator application is unavailable. The problem is that the registered phone number is attached to the same dead phone that contains the authenticator application.
Usually, this is not a problem, as most sites that have fully thought through their implementation of multi-factor authentication have also considered the problem of the lost, or otherwise non-functioning phone, and they issue one-time codes when the 2FA process is first enabled. These codes can be stored in a safe place.
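To make concrete what a site has to do to offer the one-time codes described above, here is an added example (not code from the original post; the function names and parameters are assumptions) of the server-side half: generate the codes once, persist only salted hashes, and mark each code used on first redemption.

```python
import hashlib
import hmac
import secrets

# Constructed example of issuing, storing and redeeming one-time backup codes.
# Names, alphabet, code length and work factor are assumptions, not a standard.
CODE_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # no ambiguous 0/O/1/l/I
CODE_LENGTH = 10
PBKDF2_ROUNDS = 100_000


def generate_backup_codes(count: int = 10) -> list[str]:
    """Return `count` random codes; the site shows these to the user exactly once."""
    return ["".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LENGTH))
            for _ in range(count)]


def _hash_code(code: str, salt: bytes) -> bytes:
    # A backup code is a short secret, so it gets the same slow hash as a password.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)


def store_backup_codes(codes: list[str]) -> list[dict]:
    """Return what the server persists: per-code salt and hash, never the plaintext."""
    records = []
    for code in codes:
        salt = secrets.token_bytes(16)
        records.append({"salt": salt, "hash": _hash_code(code, salt), "used": False})
    return records


def redeem_backup_code(records: list[dict], submitted: str) -> bool:
    """Accept a code once. Every stored hash is checked so timing does not leak
    which slot (if any) matched; only an unused match succeeds."""
    submitted = submitted.strip().lower().replace("-", "")
    matched = None
    for rec in records:
        if hmac.compare_digest(_hash_code(submitted, rec["salt"]), rec["hash"]):
            if not rec["used"]:
                matched = rec
    if matched is None:
        return False
    matched["used"] = True  # single use: the same code is rejected next time
    return True


def remaining_codes(records: list[dict]) -> int:
    """How many unused codes are left, so the site can prompt for regeneration."""
    return sum(1 for rec in records if not rec["used"])
```

A real deployment would also rate-limit redemption attempts and log each use, since a redeemed backup code is an account-recovery event worth alerting on.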
Recently, when Google announced to a select group of Gmail users that their mail accounts would be forced to use multi-factor authentication, many people protested. While I can understand the shock that many felt at the imposition of an unsolicited change to the login process, I commended the fact that steps were being taken to protect these vulnerable accounts. Google also did everything right, that is, they gave people multiple options to verify the login process, including one-time backup codes to be used if the authenticating device is unavailable.
Many people who dislike multi-factor will lament the thought of also having to store what amounts to other passwords, as one-time codes can arguably be thought of as just another password. This is where a password manager can serve double duty to assist the password-weary.
Most password managers offer text fields that often go ignored and unused. However, that big open space can be used to store a ton of useful information. For example, the one-time codes can be stored there, in addition to the random answers to the common security questions asked by many sites.
None of what I am positing here should be misinterpreted to think that I am against multi-factor authentication in any way. Until passwordless technology replaces the current methods, I will remain committed to supporting 2FA as the best method we have right now. In the meantime, the problem that needs to be addressed is how to get more sites to fully realize their multi-factor implementations and offer one-time codes along with whatever other methods they use for their enhanced security options. One has to wonder why this was overlooked in the first place. Until these solutions are established, I suppose I need to be more diligent about keeping my phone charged. Happy shopping!