/tech/ - Technology

 No.9689

Nice, now I have to carry my fucking phone around with me every time I want to check my fucking work emails because some prick at IT decided to force everyone on to two-factor authentication in order to interact with the mail server. So much for choosing to opt out of mass surveillance and the socially-malignant perpetual connectedness of carrying a phone everywhere. So much for email being convenient.

It disgusted me when Google and other Silicon Valley monopolies started forcing 2FA on people because I see it as little more than an excuse to coerce people into giving up contact information to better track and surveil them. What's the real deal with two-factor authentication? Why is it seemingly impossible to find an article critical towards it on a simple web search?

 No.9692

Most of the criticism shows you how hackers can break 2FA. For example, someone ports your number away from you and then they receive the 2FA codes. There was also this case of 2FA codes being sent via voice. The hacker would call the person just before the 2FA code was sent, so it would go to voicemail. Meanwhile, the phone company left the default password on the voicemail server, so the hacker could access the code through voicemail.

If your IT department was serious about 2FA, they should use security tokens that are almost impossible to hack and don't require a phone.

 No.9694

>>9692
>use the secure token
For some reason we have to try out all the insecure authentications, and only when all of that has failed is it allowed to do the secure thing and use a token

 No.9696

>I see it as little more than an excuse to coerce people into giving up contact information to better track and surveil them
You aren't wrong, your IT department is retarded.
https://blog.cmpxchg8b.com/2020/07/you-dont-need-sms-2fa.html

 No.9697

>Why is it seemingly impossible to find an article critical towards it on a simple web search?

We need to break this search engine monopoly over what information is available. It's amazing how you can't find anything critical about entrenched IT shit like "cloud", or 2FA or any reliable information about user data being sold except in obscure mailing lists and niche tech communities.
I hope searx takes off.

Also, "IT departments" are cargo cults a majority of the time. Just blindly following whatever is "recommended" to them through their infra provider like IBM or Oracle, or the cloud providers like AWS or Azure these days.

 No.9702

>>9689
>an excuse to coerce people into giving up contact information to better track and surveil them
Use TOTP instead of SMS.
>Why is it seemingly impossible to find an article critical towards it on a simple web search?
Because 2FA is a good thing. Most people use insecure or reused passwords. Any competent IT department requires it because it massively reduces the risk of account compromise.

 No.9703

I use this for github, no contact information needed, works offline, free software: https://f-droid.org/en/packages/org.shadowice.flocke.andotp/

Unique IPs: 6
