Two Factor Authentication - HELP!

Discussion in 'Community Help Center' started by AE7BF, May 27, 2018.

  1. AJ4GQ

    Certainly using 2FA is beneficial in certain situations and was necessary when QRZ was using its Verified program to vet sellers, but that's no longer true here now. 2FA is a supplement to a strong password and nothing more. Scammers quickly proved it was easily bypassed in certain circumstances. Let's take it offline if you want more detail.
     
  2. KY4GD

    Only SMS 2FA has been bypassed, and only by dedicated attackers with sophisticated knowledge of SS7. There are application-specific supply chain attacks and similar methods employed to bypass 2FA in general, but for the most part, two-factor authentication is just best practice, along with using a unique password and a password manager.

    Saying that 2FA is not important because you have a complex password is like saying that it is fine to be unarmed and defenseless as long as you have a bolt on your door.

    I mean no offense to you at all, I just strongly disagree. I feel that best practice should be employed at all times. Not paranoia - there is no reason for three levels or tinfoil hats - but exponentially increasing the security of a public, online presence associated with your real name and reputation with very little effort is a win-win. If anything, we should be evangelising the use of 2FA.

    I apologize for posting this in public, but your suggestion that we take it offline disturbs me a little. If I am wrong, I prefer to be corrected in the light of day. I assume that you feel the same.

    73 mate,

    Carl
     
  3. AJ4GQ

    You're not wrong and no offense taken. Well-reasoned, cordial discussions about differing opinions tend to shed light on things and are always welcome. I'll restate my opinion to hopefully clarify the point I was trying to make. First, I agree with you that 2FA is a welcome addition in most scenarios and its use is therefore strongly encouraged. It is an additional and often very effective layer because, among other things, it encourages unsophisticated hackers to move on to other low-hanging fruit. However, for various reasons it no longer provides significant benefit to either the user of this web site or QRZ.
    I invited you to a private conversation offline because I assumed you would want to know about those "various reasons", which can be a road map for hackers and, in my opinion, should not be discussed in a public forum.
     
    KY4GD likes this.
  4. KY4GD

    I think we can have a good, enlightening conversation on the subject, yes. I disagree with you, but that is the beginning of learning.

    Thank you for being polite about this. Sadly, it is increasingly uncommon for a conversation debating opposite points to not devolve into childish ad hominem verbal fistfights. There is nothing less useful than name calling, and it is nice to keep things gentlemanly for a change.

    I am interested in your thoughts on the matter, but I think maybe we should discuss our differences perhaps in private, until we can at least develop an honest pro and con list, then let others decide for themselves.

    Best wishes, Hart.
     
  5. AJ4GQ

    Agreed!
     