Reply to post: Re: Worse for us

Brian Krebs criticises PayPal’s security as authentication flaws exposed

Intractable Potsherd Silver badge

Re: Worse for us

"It's always the same two questions. So, one person peering over your shoulder, a keylogger or just someone who's able to do some basic research to find your mum's maiden name and your 2FA becomes sweet FA."

One person peering over your shoulder - who in their right mind allows this to happen?

A keylogger - difficult to install, and needs a lot of motivation.

Mum's maiden name - depressing to say, this is a genuine weak point because people *do* use the actual name. I haven't done so for years, but trying to persuade family members not to do so seems to be impossible.

On the other hand: "If you don't have your phone to hand, or can't be arsed to look at it ...": why sign up for 2FA if you aren't going to use it? If it is inconvenient to look at your phone, wait until it is. However, since any 2FA is, by definition, going to rely on some sort of device (key fob or whatever), you are arguing that no 2FA is going to suit you. Since security is always a trade-off with convenience, you will always be dissatisfied.
