Last Updated: February 25, 2016
·
682
· destructuring

Use two-factor auth but not with an app

#security

Two-factor authorization makes it hard for thieves and owners. Thieves have to acquire the phone/dongle and owners have to keep it. Google's two-factor authentication is popular, works on a phone as sms, voice, or application.

Avoid the application because you don't know how the phone or application manages the secret tokens. It's not possible for normal people to restore those tokens if they get lost after an iPhone upgrade or memory gets scrambled.

Do use two-factor with SMS messages because it's easy to read, no state is kept on your phone, and is attached to your phone number. If you lost the phone, you can port the phone number to another phone very quickly.

You should also print out the backup codes and carry a few in your pocket with a custom cipher applied.

#security

Written by Tom, Bom

Say Thanks
Respond

Related protips

Goodbye PHP Sessions, Hello JSON Web Tokens

229.9K
21

GPG: Change email for key in PGP key servers

39.83K
0

Redirect authenticated user on anonymous pages in Symfony

31.84K
1

2 Responses
Add your response

mdeiters

have you looked at Authy...its a mobile 2 factor auth app

over 1 year ago ·
destructuring

Authy is neat for adding 2 factor to your service, but I'm staying away from applications since I can't recover from a lost phone or wiped OS. With SMS, I can easily port my number to another phone.

over 1 year ago ·

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Security Authors
rmcdaniel
229.5K
#security
#JavaScript
#Open Source
w0ng
39.45K
#security
#VimL
#JavaScript
zdenekdrahos
31.68K
#security
#php
#Html::Css
jasny
26.21K
#security
#JavaScript
#C
nmalcolm
26.07K
#security
#PHP
#python
Related Tags
#security
Sponsored by
#native_company#
#native_desc#
#native_cta#
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#