In my last post regarding weaknesses in how 2FA is implemented in the systems we rely on to secure us, I teased a thought that had occurred to me in going through the analysis I presented in the post. As usual, life intervened to distract me, but this recent post by Coinbase sharing their experience of
Two Factor Authentication (or 2FA) has been in the news a lot recently. There was the kerfuffle over NIST putting into their update of 800-63 that SMS-based 2FA is insufficiently secure and should be deprecated (something most security experts agree on). That update (still in draft) came too late for the Social Security Administration (SSA),
It all started with a tweet I sent regarding the position on passwords and password managers that a member of Microsoft Research was taking in an NPR article (I’ll expand on my viewpoint in a later blog post). But one of the resulting responses I received sent me down a very interesting rabbit hole. Faux 2FA? Of course I