Security notes / Multi-Factor Authentication: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
|||
| Line 6: | Line 6: | ||
<!-- | <!-- | ||
===For everyday people=== | |||
In a nutshell, MFA means you need more than one thing to get you in. | In a nutshell, MFA means you need more than one thing to get you in. | ||
: If something found out your password, it doesn't get them in | : If someone/something found out your password, it doesn't get them in | ||
: If someone stole your bank-issued gadget, it doesn't get them in | : If someone stole your bank-issued gadget, it doesn't get them in | ||
| Line 15: | Line 21: | ||
It becomes very easy to lock someone out of a bank. | It becomes very easy to lock someone out of a bank. | ||
If you need both the password and clicking okay on your phone? | |||
If you need both the password on a website, and to clicking okay on your phone? | |||
It becomes very easy to prevent online brute force attacks. | It becomes very easy to prevent online brute force attacks. | ||
It's not just two... things... *handwave* | |||
It still needs to be done right. | |||
| Line 24: | Line 36: | ||
how to ensure fewer points of potential snooping, | how to ensure fewer points of potential snooping, | ||
and much more. | and much more. | ||
But frankly, most of these details don't matter to everyday users. | But frankly, most of these details don't matter to everyday users. | ||
Using 2FA at all goes a long way, to making the more important things harder to get into. | Using 2FA at all goes a long way, to making the more important things harder to get into. | ||
| Line 48: | Line 48: | ||
If your mail is not 2FA protected itself? | If your mail is not 2FA protected itself? | ||
Yes, in the sense that it is the most fragile part of your personal security | Yes, in the sense that it is the most fragile part of your personal security. | ||
Since we are moving both to more 2FA and to checking via mail, | |||
'''your email address may be the most important thing to 2FA ''first''.'''. | |||
===For more technical people=== | |||
'''Multi-factor authentication''' (MFA) a.k.a. '''N-factor authentication''' | '''Multi-factor authentication''' (MFA) a.k.a. '''N-factor authentication''' | ||
means you need to provide multiple things as proof of identity. | means you need to provide multiple things as proof of identity. | ||
In practice, MFA usually means 2-factor (a.k.a. 2FA) because | |||
: two rather than one helps a ''lot'' | |||
: more quickly gets ''very'' tedious, which means people won't want to use it at all. | |||
Two factors then are usually "something you have, and something you know", | Two factors then are usually "something you have, and something you know", | ||
| Line 73: | Line 78: | ||
However, downsides include | However, downsides include | ||
: brute-forceability | : can be ''found out'' without you knowing - e.g. via brute-forceability | ||
: someone can duplicate by overhearing it - it is reusable indefinitely (no [[forward security]]) | : someone can duplicate by overhearing it - it is reusable, possibly indefinitely (no [[forward security]]) | ||
: | : you will not easily find out it is comprimised, even if it actively used | ||
: [http://news.bbc.co.uk/2/hi/technology/3639679.stm easily be traded for chocolate]). | : [http://news.bbc.co.uk/2/hi/technology/3639679.stm easily be traded for chocolate]). | ||
Revision as of 13:01, 28 March 2024
| Security related stuff.
Securing services
Unsorted - · Anonymization notes · website security notes · integrated security hardware · Glossary · unsorted |
On multi-factor authentication
✎ This article/section is a stub — some half-sorted notes, not necessarily checked, not necessarily correct. Feel free to ignore, or tell me about it.