dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
312
share rss forum feed


HA Nut
Premium
join:2004-05-13
USA

Question on Google 2 Factor Authentication for cell phones

I had been thinking about activating 2 FA but realized that if I want to use email on my phone, the account would still have a password (called an Application Specific Password.) Which to me, could possibly no better than what I have now.

But, if the ASP is highly limited from accessing anything but the page you are logging into (like Gmail), then it might be more acceptable to me. Earlier this year, there was an issue discovered on this exact possibility. »blog.duosecurity.com/2013/02/byp···ication/ (There may be an earlier thread about this on this board but I wanted to get renewed interest/fresh answers.)

This article says the loophole is fixed. Has anyone really tested it? If you are a Google 2 FA user, are there any quirks/problems?

TIA


HA Nut
Premium
join:2004-05-13
USA
I have been surprised I had no replies.

Anyway, I have kind of answered my own question. I am NOT convinced that Google is doing 2 FA correctly and have decided against it.