
Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes every weekday Monday through Friday.


hpr3617 :: admin admin S01E05: To Do List - 2FA

Making ourselves a less attractive target by implementing 2FA.

Hosted by Lurking Prion on 2022-06-14. This show is flagged as Explicit and is released under a CC-BY-SA license.
adminadmin, Lurking Prion, cybersecurity, security, threats, 2FA, Evil Steve, two factor. 5.
The show is available on the Internet Archive at: https://archive.org/details/hpr3617


Duration: 00:14:34

Privacy and Security.

In this open series, you can contribute shows that are on the topic of Privacy and Security.

Picking up from the last episode, we are now delving into the security measures we can implement to make ourselves less attractive to Evil Steve. Two Factor Authentication (2FA) is at the top of the list.


Comments


Comment #1 posted on 2022-06-14 19:21:52 by Stache_AF

Google Authenticator

It's probably been a while since you've used Google Authenticator for 2FA, but the app now does allow for transferring between devices. Still don't have a backup option that I have found, but at least now you can move the rotating keys between devices. Also, a recent update obfuscates all the codes until they are tapped, so if someone is peeking over your shoulder, they can't see all of the codes, just the one being used.

Comment #2 posted on 2022-06-15 15:08:00 by Lurking Prion

Google Authenticator Improvements

It's good to see that improvements have been made. I really liked Google Authenticator when it came out. I'm hoping this space will see improvements as the migration to passphrases becomes more ubiquitous. On the flip side, Google doesn't make money off authenticator... Thank you again for the feedback. It is greatly appreciated!

Comment #3 posted on 2022-06-18 08:47:05 by Some Guy On The Internet

I agree.

I use many of the tips mentioned in your show. My goal is simple when it comes to security, "avoid being the low hanging fruit". I disagree with telling others security doesn't exist. We should encourage others to explore the realm of security then apply as many layers as they feel comfortable/possible (and yes I know, you've also suggested this point). Great shows, keep 'em coming.

Comment #4 posted on 2022-06-22 04:26:07 by LurkingPrion

No Security..?

Thank you for the feedback. I struggled with this for a while before deciding to just shatter the myth of security. While I agree in principle that we shouldn't tell people that security doesn't exist, it is always predicated on the basis that we should implement the security controls that we are comfortable with. It is really risk analysis, not security. ;-)

Comment #5 posted on 2022-06-26 04:01:35 by one_of_spoons

Two factor authentication : "andOTP"

You can back up these "Time-based One Time Password" function instances. The program called "andOTP" has been ready since 2018. Also supports OpenPGP backups, encrypted backups, and database encryption. Will also show the 'secret' string for transfer to KeePass variants... then you can copy and paste the result of the [RFC 6238] algorithm from a password manager. Available at F-Droid, and the dreaded Google Play Store.
