[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fwd: [Krebs on Security] The Limits of SMS for 2-Factor Authentication
- To: Flora <http://www.gmail.com/~flora>
- Subject: Re: Fwd: [Krebs on Security] The Limits of SMS for 2-Factor Authentication
- From: http://dummy.us.eu.org/robert (Robert)
- Date: Thu, 08 Sep 2016 08:46:52 -0700
- Cc: Flora E <http://www.state.vt.us/~Flora.>, Noelle <http://dummy.us.eu.org/noelleg>, Flora E <http://profiles.yahoo.com/Flora>, Flora E <http://www.vermont.gov/~flora.>
- Keywords: our-San-Jose-phone-number<
> From: Flora <http://www.gmail.com/~flora>
> Date: Thu, 8 Sep 2016 11:34:52 -0400
>
> SSA doesn't *require* 2 factor authentication, but it's still available.
> https://www.ssa.gov/myaccount/
Ah. But, it's still unclear whether they are moving towards 2-factor or
not. My feeling is that they'll need something that doesn't depend solely
upon cell phones.
> We may not like the idea of Google giving up our personal info to the
> government, but they are one of the best companies in regards to security.
While that may be true, it is still a single point of failure.
Diversifying break points would be much better, but there is no current
option for this.
> I think many government entities have a ways to go in protecting our PII.
>
> On Sep 8, 2016 9:56 AM, "Robert" <http://dummy.us.eu.org/robert> wrote:
> > I like the Google Authenticator idea, and even the "push" technology
> > mentioned, but I just wish it weren't *Google* -- which, from Edward
> > Snowden's leaked documents show, is just another corporate entity willing
> > to bend over backwards at the government's behest. Someone needs to come
> > up with a non-centralized, distributed authentication system that doesn't
> > have a single point of failure.
> >
> > P.S. BTW, it's funny that he mentioned the Social Security Administration
> > moving towards 2-factor. He must have written this before the SSA
> > reversed themselves...