Tag: 2FA

Doing 2FA Better Could Mean Using Social Factors

In my last post regarding weaknesses in how 2FA is implemented in the systems we rely on to secure us, I teased a thought that had occurred to me in going through the analysis I presented in the post. As usual, life intervened to distract me, but this recent post by Coinbase sharing their experience of

Doing 2FA Correctly Requires More Than 2 Factors

Two Factor Authentication (or 2FA) has been in the news a lot recently. There was the kerfuffle over NIST putting into their update of 800-63 that SMS-based 2FA is insufficiently secure and should be deprecated (something most security experts agree on). That update (still in draft) came too late for the Social Security Administration (SSA),

2FA in Password Managers: Fair or Faux

It all started with a tweet I sent regarding the position on passwords and password managers that a member of Microsoft Research was taking in an NPR article (I’ll expand on my viewpoint in a later blog post). But one of the resulting responses I received sent me down a very interesting rabbit hole. Faux 2FA? Of course I