[PLUG] Security headaches

Mike C. mconnors1 at gmail.com
Tue May 5 07:02:14 UTC 2020


"You want to have some form of 2 factor authentication to make it harder
for people to break into your account. The nice thing for most people about
the texting is that they typically always have their phone with them, so
the response cycle is very quick, and limited in who can access."

One of the things I like about Google's 2x factor auth is they provide an
offline authentication app, Google Authenticator. Google implements two-step
verification services using the Time-based One-time Password Algorithm and
HMAC-based One-time Password algorithm, for authenticating users of
software applications.

IMHO all web / mobile apps should use this for a variety of good reasons.
It provides better security, users don't have to remember passwords that
get forgotten or cracked, bad actors can't associate accounts and passwords
to users, etc.

To me this isn't unlike using an RSA token fob back in the day for
corporate VPN access. The modern-day version of this is a USB 2x factor
auth key such as YubiKey, which works with hundreds of web sites
including Twitter, Facebook, Google, Instagram, GitHub, Dropbox,
Electronic Arts, Epic Games, Microsoft account services, Nintendo, Okta,
and Reddit.





On Mon, May 4, 2020 at 8:48 PM wes <plug at the-wes.com> wrote:

> On Mon, May 4, 2020 at 8:21 PM John Jason Jordan <johnxj at gmx.com> wrote:
>
> > On Mon, 4 May 2020 19:37:10 -0700
> > wes <plug at the-wes.com> wrote:
> >
> > >On Mon, May 4, 2020 at 2:39 PM John Jason Jordan <johnxj at gmx.com>
> > >wrote:
> > >> If the Google Voice account sends the text messages to my Android
> > >> phone they will not be viewable. What I need is for Google Voice to
> > >> display text messages on my computer, i.e., in Chrome or Firefox. As
> > >> far as I can tell that is not an option.
> >
> > >I use Google Voice. One of the things I like about it is its
> > >redundancy. I can get text messages via at least 4 interfaces
> > >simultaneously. The downside is that I have more items to mark "read"
> > >but for me, that is well worth the benefit of making it very difficult
> > >to get locked out of my ability to receive messages. In my line of
> > >work I need to be Highly Available(tm) and this goes a long way
> > >towards helping with that.
> > >
> > >Google Voice offers a smartphone app that is unrelated to the Messages
> > >(or similar) app that usually handles text messages going to the phone
> > >by default. This is not mandatory. However, it will insist that you
> > >provide a number to a real phone, so be prepared for that. It will
> > >forward phone calls to the Google Voice number over to the real phone
> > >number.
> > >
> > >I get GV text messages in the app, over email, in a Chrome browser
> > >extension, and in a web interface found at voice.google.com. Your
> > >physical phone does not have to be involved.
> >
> > Many thanks. I may have problems installing the app because my phone
> > had too many pieces of Google deleted and now I am locked out of the
> > app store. But this sounds like a solution. I will get to work on this
> > tomorrow. :)
> >
>
> You may be able to get away with setting it up without ever installing the
> app at all.
>
> Just pull up voice.google.com and follow the prompts.
>
> -wes
> _______________________________________________
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>


