
Discussion on: The Password Struggle

Brad

I believe multi-factor is pretty good if done securely. So sorry, SMS verifications aren't that secure.

If you have a titan security key, or something like the authentication app on your phone and a password, you have 2 factors to your authentication and are pretty secure. Google basically eliminated phishing attacks due to using company wide security keys. (ref)

I personally don't believe in the "Change your password every X" systems, as it makes it more likely to make bad passwords, or forget them, and in most security scenarios the weakest link is people.

If we wanted to take things a step further than "what you know" and "what you have" then you can go down the list of the following:

  1. What you know - passwords
  2. What you have - physical keys, wallets
  3. What you are - physical traits like fingerprints
  4. Where you are - your physical location, IP location, relative to your last location, etc
  5. Something you do - observable actions (this one isn't that common)

(ref)

Logging in with another service doesn't necessarily mean they get my password. They do get a token that represents me, but my password should be secured by one party. I try to log in using the same account for this reason, as it should lessen my exposure of passwords out in the wild.

Finally, I wanted to bring up that I remember reading there are ways to still prevent quantum computers from destroying our current security, but I totally forgot where I can find a reference for it. 🤔