When they use your phone number as a method of verifying who you are, it's relatively easy to reset a password by calling in or sometimes just online if you have the phone number. So, as long as you have a good password scheme in place (and are not using an autofill password app on your devices), I wouldn't worry about the SMS angle. "If I ruled Mars, I'd make 100% sure ieeee could get Gmail." And length is really the strength of a password, not complexity (at least not until the quantum PCs become commonplace). And it should have something that changes for each website - like "If I ruled Mars, I'd make 100% sure ieeee could get Gmail." (where Gmail changes with the domain name of each site and "I" is replaced with something strange like "ieeee" just to keep it interesting).

According to, it would take "7 untrigintillion years Don't use the first sentence (or any sentence) from a published work. Long passwords (something I had used for YEARS before Microsoft finally caught up) are the first line of defense.

A sufficient password should ideally be a sentence that only you would know. I agree that SMS is not secure, but you should not be using SMS alone to get into an app. I use Authy, and I was able to switch it between phones fairly easily, plus it can be set up to require authentication, plus you should have your phone set up to lock automatically anyway, right? At least with an authenticator app they need physical access. These days it's trivial for a hacker to reroute your phone number to a different phone if they want to. Using SMS instead of an authentication app is going backwards.

Personally, I like 1Password the best. Or, you can use something like 1Password or MyAuth (or even Microsoft's Authenticator) as referenced in the video linked to above. Use a sufficiently long password (it should be a long sentence with a special twist that only you know) and use SMS 2FA instead.
IMHO, you should just say no to Google Authenticator whenever you can.

Anyone with physical access to your phone has access to your 2FA accounts with Google Authenticator. Here's a great video showing some of the other issues with Google Authenticator that you (like me) may not have thought about - like the fact that there is no lock on the app. Some of those accounts (like Binance - a bitcoin trading platform) can take up to 2 weeks to process your request.

During that time, lots of things can happen to your bitcoin. You will need to go to each account that you used Google Authenticator for and see what steps they have in place for you to regain access to your accounts - one by one. There is NO WAY to recover the Google Authentication codes used by Google Authenticator on your old phone once it has been lost or stolen. After a little digging I found that there is no way to recover Google Authentication codes if you lose or format your old phone before going through the Google transfer procedure (which requires both the new and old phones). Two or three days passed and she called me this morning because Google Authenticator was not working on her new iPhone and she was locked out of a $300,000 Binance account. What I did do is advise her to keep her old phone for a few days while she worked on her new phone just in case the move had any problems.

After 4 days with her new phone she announced that all was well and wanted me to format the old phone and repurpose it as an office phone at her business, which I did - after making sure that she said all was well with the new iPhone.

I made the move for her, but I did NOT go through every app on her phone to see what she was using. I just found that out when a client bought a new iPhone and had me move her old AppleID account to her new iPhone.
Did you know that, should you drive away with your phone on the roof of your car, or should your phone be stolen, that you will be locked out of all accounts that used Google Authenticator on your old phone?