rossipedia
Power User
> This is The Way™

1Password for everything. And passkeys wherever they’re accepted now.
The forum now supports passkeys for second factor authentication. Details are here: https://forum.fractalaudio.com/threads/forum-supports-passkey-authentication.201570/
There’s a XenForo feature pending to use them for primary login. Probably later this year.
I just switched to passkey, thanks!
The point isn't to make you open multiple apps. The point is to make someone poking at the login fields on a web page require that they have access to your second device to log in. That's accomplished equally well if you use one app for both the password and the 2FA code or two apps.
> Not saying you're wrong, but what two factors for instance, leaving out hardware keys?

The point is to require two things - typically something you know and something you have. The way you described, the two factors are your encrypted database (for your PW manager) and the master password. Considering that cloud compromises happen and it seems like "most" people use cloud synchronization for their encrypted database, I'm hesitant to call the encrypted database a factor.
I don't think you're wrong, and that would be more convenient if you can get away with it. But, it at least puts more onus on you to have multiple factors to unlock your PW manager.
> Not saying you're wrong, but what two factors for instance, leaving out hardware keys?

The password, which is static. And the rolling code. It requires two things to log in now. The second thing being possession of your phone (or the TOTP sync key used to set up rolling code…but that’s not retained on the server side).
> Yes, but if both things come out of your password manager and your password manager gets compromised, that's one source of both pieces of information and effectively only one factor of authentication, even if it's 2 pieces of data - just the login for the password manager.

It's only one factor if the password manager is compromised. From the website-you-are-logging-in-to perspective it's still a two factor authentication. Yes, you need to guard your password manager password. But that's a single password you need to remember so it can be challenging. And every other password you use can have incredibly high entropy as a result. The net security increase is high irregardless.
> All the same, next will be 3FA, where does it stop?

Biometric?

> All the same, next will be 3FA, where does it stop?

This has already happened at my work.

> This has already happened at my work.

What 3 factors, out of curiosity?

> What 3 factors, out of curiosity?

Password/Auth app/USB dongle. All these years avoiding iLok and now I effectively have to use one to work.
> Yes, but if both things come out of your password manager and your password manager gets compromised, that's one source of both pieces of information and effectively only one factor of authentication, even if it's 2 pieces of data - just the login for the password manager.

Yes, I mitigate that risk with 2FA enabled for 1Password - the TOTP code is managed by Google Authenticator on my iPhone, which has to be opened with Face ID. That's the only TOTP code that Google Authenticator manages.

> I do like the idea of using a strong password and a YubiKey (or similar) for the PW Manager and perhaps letting it do TOTP or Passkeys. That does seem like a very good compromise.

I love YubiKeys everywhere but my phone. Maddening to use there.

> There is a special hell reserved for those that convince an organization to use both Okta and Zscaler.

Lord, don't get me started on what a festering turd Zscaler is...
Unless your business is paying my phone bill and for my device, I shouldn't need to use my personal device as the key to conducting your business.
If I'm already paying personally for a gigabit connection to make sure some questionably built web tools can be stable, then figure out a dongle or other physical system as the remote gateway to your business systems.