[Discuss] Password managers

[richard.pieri at gmail.com (Rich Pieri)]

On Wed, 6 May 2020 12:03:41 -0400
Doug <sweetser at alum.mit.edu> wrote:

> Am I wrong to presume everyone here uses 2-factor authentication?

Probably.

To be nit-picky, common 2FA is actually 2SV (two-step verification).
2FA collquially is something you know plus something you have like an
ATM PIN and the matching card. Authenticator applications are 2SV which
are two forms of something you know: your password and a code which can
be revesed by someone who knows the device identification information
and the initial handshake timings. Given the difficulty of obtaining
the information backing the code generation most 2SV authenticator
applications are good enough for general use, but they are not 2FA.

Less nit-picky, plenty of sites out there don't support 2FA or 2SV.
Therefore not all of us use these all the time.

> Yubikey is that, plus it has software that does try to figure out if
> the servers being contacted are the right ones, and not ones that
> just look right to a casual observer.

Mine aren't and don't. There are a variety of different Yubikeys with
different capabilities. Likewise Nitrokey.

-- 
Rich Pieri