falostorm.blogg.se

Lastpass yubikey setup






Combined with a strong passphrase like those generated by password managers such as 1Password or LastPass, a 2FA login is quite effective at verifying your identity. But no matter how strong a password is, or what level of code-based authentication a website is using, any system that sends codes in a text message can be compromised from afar by a skilled attacker. When a unique scramble of numbers shows up on your phone, you type them into the browser along with your password at the login screen. One of the more common 2FA methods in use today employs six-digit passcodes that are sent to your phone via text message.


This protocol, commonly abbreviated as 2FA, requires you to type in a password and also provide one other piece of proof that you are who you say you are before you can log in to a service. One of the most important steps you can take to secure your online services is setting up two-factor authentication.

I think I get around most of your concerns by A) carrying my Yubikey so I don't need more than 1, and B) having a secondary admin with their own Yubikey (and if it's not something you want someone else to have access to, make a second admin account with a Yubikey that you keep in the fireproof safe).

As we become more dependent upon online platforms for social and professional purposes, it grows increasingly important that we embrace stronger online security measures.

I just think allowing multiple Yubikeys on a single account goes against the security that a Yubikey provides, and as you pointed out, even if this was added. How many is enough? 2? 3? 5? Whatever limit they set isn't going to be enough for someone. I don't want to hijack this thread any more. Most products with 2FA have some form of recovery built in also, like a PIN code that should be secured. With some discovery, we determined an old employee (CFO) had made himself a domain admin and they were able to reach out to him, AND he remembered his password, and we were able to at least get things sort of functional again (before starting over from scratch). I walked into a really bad AD environment once where the Administrator account was corrupted somehow and you couldn't log in.


An account can become corrupted or broken, or a poorly designed policy or setting can lock you out (O365 actually warns you about this when making Conditional Access changes) etc. This actually provides you with redundancy in access, but having two yubikeys on a single account does not. There should always be a backup administrative account to everything and yes it should be secured as well.






