New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Now that's not thinking creatively
(Notices you using a default password from some crappy rooting technique and installs a VNC server on your phone, waits for you to sleep)
If android is up-to-date, not made by some no-name chinese vendor and no proprietary app ever had root or other dangerous privileges, I think it's very good security, you can even cut off internet access.
Therefore applies to almost no one here haha. People here love their cheap phones
That's correct. Most people don't root their phones. They just install Google Authenticator as any other Android App. And yes, the tokens that Google Authenticator generates are time based and don't require internet access. Exactly here lies the beauty of this technology - you only go through the digest cycle once (when the remote application and your device kinda lock onto each other. Its much more complex than that and has a serious math included in the process). After that, you only enter the PIN code that Google Authenticator gives you when you are logging into that remote application. And we all have our smartphone always with or near us, right? So this additional step when logging in is not so much inconvenient either (I'll gladly trade couple of seconds of time for peace of mind and more security).
The biggest problem I think is the adoption of this technology by the developers, because its they who need to implement this kind of user security into their apps. Many developers (like us, not to brag :P) have already integrated 2FA but the most of them still haven't.
However, 2FA is a big step forward in password theft protection, for sure. It just needs more time to reach it's full potential.