Win a copy of Microservices Testing (Live Project) this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

what sites do you have two factor turned on for?

 
author & internet detective
Posts: 41184
848
Eclipse IDE VI Editor Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Up until today, I just had gmail. Today, I turned it on for github, paypal, dropbox, linked-in and yahoo. I didn't turn it on for twitter because it breaks the blackberry app.

Does anyone have experience with two factor on any other sites?
 
Rancher
Posts: 43028
76
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My company uses it for the admin web app for Amazon Web Services. It uses Google Authenticator and is real easy to use.
 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have it on for Google and recently I enabled it for Github and Twitter. I didn't know Paypal, Dropbox and LinkedIn have it too, I'm going to enable it for those accounts too.
 
Ulf Dittmer
Rancher
Posts: 43028
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yeah, I've just enabled it for PayPal as well. Thanks Jeanne.
 
Ranch Hand
Posts: 338
7
Tomcat Server Ubuntu Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Today I am changing a lot of passwords (sigh).

It seems that a while ago one school of thought to cut down on malware and protect passwords was to disable cookies. I usually set my browsers to clear all cookies and caches when I am done with the browser (firefox). Is this thinking outdated? For the two factor sites ( and perhaps everything else, too ) should I allow cookies? I am guessing the factor that authenticates the machine is using cookies.
 
Ulf Dittmer
Rancher
Posts: 43028
76
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Two factor has nothing to do with cookies. There may be sites that do not work with cookies disabled altogether, but that's a minority. I think setting the browser to accept cookies, but to delete them upon exiting is a reasonable policy. It robs of you of some convenience (making you log in to various sites every time you start the browser), but provides some extra security.
 
margaret gillon
Ranch Hand
Posts: 338
7
Tomcat Server Ubuntu Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Two factor has nothing to do with cookies.



Ulf, thanks for clearing that up.

So sites that identify the machines i work on, like my bank's web site, are storing the machine information in their system? If so then why does my bank stop me from logging in every couple months because it doesn't recognize my machine , even though it is the same computer I have used for a several years?
 
Ulf Dittmer
Rancher
Posts: 43028
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A server may use cookies to substitute for one of the factors, provided you have successfully used a web password to log in at some point. But the fact that you have a password to log in is independent of the fact that this login may be remembered via cookies. Two factor auth relies on the password as one factor, not the fact that this password login was remembered via cookies.
 
Greenhorn
Posts: 6
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does anyone have a good site or compilation of sites that offer 2-factor?
 
Jeanne Boyarsky
author & internet detective
Posts: 41184
848
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Todd Placher wrote:Does anyone have a good site or compilation of sites that offer 2-factor?


The most comprehensive list I found was on lifehacker.
 
Todd Placher
Greenhorn
Posts: 6
1
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Actually the lifehacker article had a link to an even better one then lifehacker: http://evanhahn.com/2fa/

 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic