by roywiggins 4445 days ago
LastPass doesn't require copy-paste on many websites; it can fill on click, or automatically. It's slick and very fast. I leave it logged in so I don't need to type my master password more than once every few days on my home machine. The newest LastPass version on Android can auto-fill in apps, too.

On websites that I've enabled 2FA on, I let LastPass autofill (no clicks) and pulling up Google Authenticator on my phone is what takes time.

The problem with using SMS as your only authentication is, what do you use for your second factor? I suppose a PIN would work.

SMSes are also trivial to intercept: imagine the national telco silently routes some login SMSes that were going to a number on a list to the local internal security agency. The user just gets no SMS (or a code that doesn't work), assumes something went wrong on the network, and asks for another one. Meanwhile the "baddies" have logged in already and snaffled up the information they want.

What I want is to be able to use Google Authenticator as my only authentication, plus a PIN for slightly sensitive sites and a long password for very sensitive sites (and to disable my phone from a distance).