Page 2 of 2 FirstFirst 12
Results 17 to 20 of 20

Thread: 2FA workaround suggestions, sms to email or similar?

  1. #17
    Ghost of Hexus Present sammyc's Avatar
    Join Date
    Nov 2007
    Posts
    3,294
    Thanks
    761
    Thanked
    483 times in 385 posts

    Re: 2FA workaround suggestions, sms to email or similar?

    Not to detract from the usefulness &c of the above but given that most of that is not exactly speaking my language (see aforementioned not being one of 'us lot', fancy tech solution wise), and that I'm a gnat's crotchet away from telling firms what to do with their 2 3 4 or 99 factor authorizations & going off grid - does anything about FIDOs etc etc apply to what I do when ebay or whoever won't budge til you give them a number and/or say they 'need to contact me by SMS', full stop? I assume full stop, unless they are keeping 6 sneaky alternatives from me. I take all the SMS vulnerability on board, and given that I don't want to use it either, what is answer..?
    Aliorum vitia turbaverunt me

  2. #18
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,470
    Thanks
    1,540
    Thanked
    1,029 times in 872 posts

    Re: 2FA workaround suggestions, sms to email or similar?

    Not if companies refuse to accept sensible alternative 2FA methods; you're stuck with whatever they want you to use.

    I did realise my post didn't directly address the OP, but rather 2FA options in general for when they are offered.

    Many will have an option to 'remember' devices so you shouldn't have to repeatedly enter codes etc once you're signed in (unless you're removing cookies on browser exit or something). Transactions may prompt you to enter again though. 2FA isn't something that's forced on customers as a way of intentionally antagonising them, it's a response to account breaches, largely facilitated through scams, phishing, poor password hygiene (reusing passwords, bad passwords, etc.) Many, particularly types like SMS, are not infallible, but they're better than nothing. There are legal mandates for them in some cases: https://www.itpro.co.uk/two-factor-a...sca-under-psd2

    I would urge caution with sms to email services. For one, you're probably not gaining much in terms of practicality anyway as you still need to enter the code. However you're also giving another third party access to that code so need to be sure you trust them, and you need to know whether you have any right to that telephone number, because you'll be rather stuck if you lose access to the number. There may also be problems if organisations such as banks, who do have that closer integration I described earlier, blacklist such services. It's just a guess, but I suspect they might.

  3. Received thanks from:

    sammyc (26-06-2022)

  4. #19
    Ghost of Hexus Present sammyc's Avatar
    Join Date
    Nov 2007
    Posts
    3,294
    Thanks
    761
    Thanked
    483 times in 385 posts

    Re: 2FA workaround suggestions, sms to email or similar?

    Ta I wasn't saying that you hadn't answered the question, so much as just asking if there is a way to turn the methods you mention to my advantage in the case of mobile number-insisters; because it would probably be beyond me to see how unless it was explained to me outright. If no then as you say I am probably stuck with grudgingly handing over a mobile & lump it because I (also grudgingly) grant that sms to email is not a tiptop answer - as per the fatal hitches I already mentioned, & that you mention, & no doubt more besides. Was just hoping, but realistically against hope I suppose, for a tidy way around the whole thing. I don't dispute the for your own good nature of 2FA, I'm just narked it involves me handing over a number I wouldn't otherwise go out of my way to have. I suppose in an ideal world I would at least like them to say we will need a mobile number, sorry about that, can't be helped.

    Re remembering devices, that's fine if things work as they should (you only have to google 'paypal' and 'trust this device') - Ebay are currently sending me temporary codes by email to 'verify my email and finish setting up my account' - repeatedly. I mean to me, the layperson, that says one-off - either they're setting up my account over & over, or it's a wrongly worded email.

    Anyway it is what is it &c.
    Aliorum vitia turbaverunt me

  5. #20
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,470
    Thanks
    1,540
    Thanked
    1,029 times in 872 posts

    Re: 2FA workaround suggestions, sms to email or similar?

    Yes Paypal is one I had in mind when saying about transactions prompting you for codes. Some others will also ask for the full authorisation if accessing certain account details e.g. security/sign-in information.

    In theory, companies wanting a mobile number specifically for 2FA could (and you could certainly argue, should) use it for that alone. But there are examples of where this has been taken advantage of, frustratingly (but understandably) driving more people away from wanting to use it: https://arstechnica.com/tech-policy/...to-target-ads/

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •