I personally use Authy on my phone for 2FA.
#Wildstar 2 step verifiction not working code#
That's 2FA, albeit a very bad implementation of it.Ī good 2FA implementation will usually involve a rotating security code that you obtain via an app on your phone or a physical keyfob. You've probably had banks or other services try to e-mail you or send you a text message with a code you have to also type in.
#Wildstar 2 step verifiction not working password#
When you log in to a service with 2FA enabled, you have to provide your password and a security code. So you need to decrypt the tokens even after downloading them (even if a hacker get past #2)ĢFA stands for two-factor authentication. In addition to #2, because its client side decrypted, your tokens are encrypted by a password that only you know per #1. You need to confirm via SMS AND e-mail in the event you lose your phone.
![wildstar 2 step verifiction not working wildstar 2 step verifiction not working](https://d1fc5y2qmnxpnr.cloudfront.net/assets/android-profile-callout-022021.png)
I'm willing to bet 99% of average users don't even care about this anyway, but the fact they're willing to push that they do this is cool. Sure it's closed source, but like LastPass, they have reiterated their commitment to security. Here are some features I find that make it very secure: I find it extremely useful where I dont have to worry about losing my phone. The fact that Google offers to save your passwords in Chrome, means that it wouldn't be a total security failure to add a backup for Authenticator keys. It's always been about providing a balance between user friendliness and security. Furthermore, Google has never been about maximizing user security to the point you can be Edwards Snowden and feel comfortable with their services. While a cloud backup isn't the most secure for most users, in general backing up TOTP tokens IMO is far safer than having an SMS fallback given the vulnerabilities with SMS (i.e.
In the Bitcoin world for instance, if you lose your 2FA tokens, you're SOL for security reasons. Many international sites won't have SMS backup either. Regarding backup codes, that's specific to Google logins, and not every site has this. Now before you mention that there are backup codes and cloud backups are insecure, let me address the following. I really wish Google added a way to backup the tokens via cloud.