Tuesday 21 July 2015

Expert: Strong Password, Better Than Two-Factor Authentication



Regular security experts advise to set two-factor authentication in online accounts, which should be introduced additional code next to the password, but according to one expert, it is better to use only a strong password in combination with a password manager.

An example of two-factor authentication is a code sent by SMS and logging in, beside the password must be entered. If the user's password is stolen, the attacker can not join login here unless he has the phone user in his possession. Yet it according to security expert and researcher Egor Homakov not a panacea and its users better off with just a strong password.

Entering a second code when logging according Homakov namely waste of time. In addition, most codes are limited to six numbers, so that the second factor is too Brute Force. The measure does not stop malware and viruses, such as Bruce Schneier several years ago already announced. Furthermore, the expert that no plausible attack scenario is where a simple password, two-factor authentication is better than a strong password. An attacker who for example has the user's computer infected with malware can wait a few days until the user enters his second code somewhere.

In case an attacker to access a user's mailbox has, he can then reset the password. According Homakov it is therefore wiser to use a password manager that generates strong passwords, two-factor authentication. In addition, users should not have to ask or websites they are going to support two-factor authentication, but that option is added which allows the "forgot my password" option off.

No comments:

Post a Comment