> but 2FA was both possible and a consideration 18 years ago
You could set up your own DNS servers, obviously, 18 years ago, and in fact when starting out in the mid-90s that is exactly what we and many others did. (Cricket Liu nutshell books from O'Reilly)
To clarify, the problem here wasn't with their DNS servers, but rather the registrar being compromised. You could run your own DNS servers and still get compromised like this unless you also happen to run your own registrar.
First time I used a 2FA device was an RSA "Safeword Card" which looked like a small handheld calculator and would display a multi-digit code that changed every minute or so. This was in 1998 and it had been put into use before that.
I think Sun Micro had deployed those to all their engineers, perhaps others too. I think it had a PIN which, when entered, displayed the code, which was valid for a minute.
I meant SecurID were fairly well established by the early 2000s for VPN access, from what I remember, so I assume they came around at least a few years earlier, which would be the late 90s. They also weren't the only option on the market.