Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Bypassing Google’s Two-Factor Authentication

Options

Comments

  • Options
    #2
    Capt'n Midnight
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 91,064 Mod ✭✭✭✭Capt'n Midnight


    fcerullo wrote: »
    This has been fixed (to some extent) by Google, but incidents like this make me ponder when passwords will finally be replaced by stronger authentication mechanisms.
    if only people could be persuaded to carry a small computer with them,

    like a smartphone ?



    Of course the tricky bit is what to standardise upon and how to transfer data to and from the phone - the easier to use for the user the better

    perhaps use the camera on the phone to look at changing onscreen patterns. near field and bluetooth aren't universal and you do need a human in the loop


  • Options
    #3
    Khannie
    Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    Yubikey could be a winner. It's a very smart technology. I use the 2 factor from google myself but the authorised applications was an obvious chink in its armour. Nice work from the researchers though.

    I see their 2 factor is spreading to other technologies which is great (there is an SSH plugin for example).


  • Options
    #4
    RangeR
    Registered Users Posts: 7,265 ✭✭✭RangeR


    fcerullo wrote: »
    This has been fixed (to some extent) by Google, but incidents like this make me ponder when passwords will finally be replaced by stronger authentication mechanisms.

    https://blog.duosecurity.com/2013/02/bypassing-googles-two-factor-authentication/

    Fabio
    @fcerullo

    Two factor is beyond the comprehension of normal folk. If semi re-education could be done to use passPHRASES over passwords, it would mitigate a lot of issues.

    I walk around our warehouse the odd time, just observing. It's a good way of getting an idea on how users "use". Anywho, I pass by one machine and ask the operator. "Hey mate, what's that written on the wall". He replies "Ah, sure, that's my Windows password. I keep forgetting it".

    Guess what was written on the wall......


    p a s s w o r d :eek:


    That was his password. A lot of people will just not be able to use 2 factor. However, that did alert me to a weakness in our password policy. I was pretty sure that it was enforced stronger than that.


    *facepalm* on both counts


  • Options
    #5
    Khannie
    Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    Hadn't considered that for 2 factor. It just seems like such a simple concept, but it's hard to put yourself in the position where you've never come across it before when you already have (unlearn it as such).


Advertisement