About 2fa is it safe?

[veltix]

Hi all anyone uses 2fa apps. Is it safe? Like send sms, or generae codes from the app?

 

[reddevil0728]

Hi all anyone uses 2fa apps. Is it safe? Like send sms, or generae codes from the app?

like google/microsoft authenticator?

 

[veltix]

like google/microsoft authenticator?

Yup. Other brands too

 

[reddevil0728]

Yup. Other brands too

It’s better than not have 2FA

 

[laokorkor]

2FA is very safe. With that said, no technology is perfectly safe - recall those scams not too long ago with regard to screen sharing, forwarding 2FA codes, etc?

 

[reddevil0728]

2FA is very safe. With that said, no technology is perfectly safe - recall those scams not too long ago with regard to screen sharing, forwarding 2FA codes, etc?

But that one is not a failure of 2FA technology.

is a failure on that individual.

 

[laokorkor]

But that one is not a failure of 2FA technology.

is a failure on that individual.

How about in some countries (perhaps SG also), SMS is used as a 2FA mechanism. SMS is subject to man-in-the-middle attacks.

 

[reddevil0728]

How about in some countries (perhaps SG also), SMS is used as a 2FA mechanism. SMS is subject to man-in-the-middle attacks.

Ah ok. For avoidance of doubts, referring to those Authenticator apps

 

[laokorkor]

I did a Chatgpt 4o - "Authenticator apps vulnerabilities". Chatgpt listed 9 potential problems.

 

[davidktw]

As the name implies, 2FA is 2nd factor. it is not meant to replace your 1st factor. asking if 2FA alone is safe or not isn’t a complete question. if your 1st factor is not compromised, 2FA wouldn’t be an issue. if you cannot even safe keep and practice good security measure with your 1FA, then your 2FA comes in as a mitigation.

I am quite sure you can find just about many problems and challenges with securing 1FA(normally your password), but that doesn’t make it moot. it just means you need to practice proper security practices if that is what you are so concerned about about.