Wandering Thoughts archives


I have yet to start using any smartphone two-factor authentication

Now that I have a smartphone, in theory I could start using two-factor authentication to improve my security. In practice I have yet to set up my phone for this for anything (although I did download an app for it). There turn out to be several reasons for this.

First, the whole area is fairly confusing and partly populated by people that I don't really trust (hi, Google). Perhaps I am looking in the wrong places, but when I went looking at least the first time around there was a paucity of documentation on what is actually going on in the whole process, how it worked, what to expect, and so on. What I could find was mostly glossy copy and 'then some magic happens'. I'm a sysadmin; I don't like magic.

(The confusing clutter of apps didn't help things either, although I suspect that people who know what they're doing here have an easier time cutting through the marketing copy everyone has.)

Then, well, it's early days with my smartphone and I'm nervous about really committing to it for something as crucial as authentication. Pretty much everything I've read on 2FA contains scary warnings about what happens if your phone evaporates; at the least it's a big hassle. Switching on 2FA this early feels alarmingly like jumping into the deep end. Certainly it doesn't seem like something to do casually or simply as an experiment.

(Probably there's a good way to play around with 2FA to just try it out, but I have no idea what it would be. Scratch accounts on various services? Right now I'd have to commit to 2FA on something just to find out how the apps look and work. I suspect that other people have a background clutter of less important accounts that they can use to experiment with stuff like this.)

Finally, there is the big, blunt issue for me: I just don't have very many accounts out there (especially on websites) that I both feel strongly about and am willing to make harder to use by adding 2FA. Most of my accounts are casual things, even on big-ticket sites like Facebook, and on potentially somewhat more important sites like GitHub I'm not very enthused about throwing roadblocks in the way of, say, pushing commits up to my public repos.

(Part of this is that I'm usually not logged in to places. And obviously things would be quite different if I worked with any important GitHub repos.)

All of this feels vaguely embarrassing, since after all I'm supposed to care about security and I now have this marvelous possibility for completely free two-factor authentication, yet I'm not taking advantage of it. But I've already established that I have limits on how much I care about security.

tech/TwoFactorPhoneDisuse written at 02:25:04
