2-Factor Authorization Methods

22 views
Skip to first unread message

Wade Garrett

unread,
May 23, 2019, 2:46:11 PM5/23/19
to
My financial institution wants me to use Symantec's VIP Access rather
than plain vanilla SMS text messages for 2-factor authorization to
access my account online. They say Symantec's system is stronger.

Yes? No?

user

unread,
Jun 3, 2021, 7:03:47 AMJun 3
to
Wade Garrett <wa...@cooler.net> Wrote in message:r
> My financial institution wants me to use Symantec's VIP Access rather than plain vanilla SMS text messages for 2-factor authorization to access my account online. They say Symantec's system is stronger.Yes? No?

Yes
--


----Android NewsGroup Reader----
https://piaohong.s3-us-west-2.amazonaws.com/usenet/index.html

William Unruh

unread,
Jun 3, 2021, 1:24:34 PMJun 3
to
On 2021-06-03, r...@gmailnot.com <r...@gmailnot.com> wrote:
> On Thu, 3 Jun 2021 19:03:42 +0800 (GMT+08:00), user <us...@user.net>
> wrote:
>
>>Wade Garrett <wa...@cooler.net> Wrote in message:r
>>> My financial institution wants me to use Symantec's VIP Access rather than plain vanilla SMS text messages for 2-factor authorization to access my account online. They say Symantec's system is stronger.Yes? No?
>>
>>Yes
>
> You have no choice. Plain text messaging is highly insecure. Two step
> authentication makes hacker work harder. In money matters, you dang
> well better protect your account with 2 step. Encryption would be
> better, but your outfit didn't offer you that choice.

I think he is comparing two separate 2-factor methods. On is Symantec's
and one is where the other end sends you a text message that you have to
respond to.

I am not sure, but that is how I read his sentence (It is sufficiently
vague that it could mean anything)..
So, as I read it, it is not a comparison of a one (or zero) factor vs two factor but different
2factor methods.

>
> Here is some more info at this site:
> https://blog.malwarebytes.com/101/2018/09/two-factor-authentication-2fa-secure-seems/
>
> Here is the link to the search I did on 2 step security. There are
> more pages with more info here.
> https://duckduckgo.com/?q=2+step+verification+secure%3F&t=h_&ia=web
>
>

William Unruh

unread,
Jun 3, 2021, 3:13:41 PMJun 3
to
...
>>
>>I think he is comparing two separate 2-factor methods. On is Symantec's
>>and one is where the other end sends you a text message that you have to
>>respond to.
>>
>>I am not sure, but that is how I read his sentence (It is sufficiently
>>vague that it could mean anything)..
>>So, as I read it, it is not a comparison of a one (or zero) factor vs two factor but different
>>2factor methods.
>>
>
> I'm no tech nor security expert. What I thought he was asking was two
> step authentication really needed over "plain vanilla SMS text
> message".
>
> Now that I read it again, I see he is already using 2 step stuff, but
> asking for info comparing two different methods.
>
> I think he better do as his "financial institution" wishes.
>

I think he has no choice, without changing banks. But in comparing the
two, he really needs to give us more information. The current procedure
is completely undefined. It may be that that they used to use the sms
version, and they are now forcing him to use the app instead "because it
is more secure". That claim is pretty hard to verify, since the app is
almost certainly proprietary and secret. Many claimed methods are, I
suspect, actually very weak.

William Unruh

unread,
Jun 3, 2021, 7:16:09 PMJun 3
to
On 2021-06-03, r...@gmailnot.com <r...@gmailnot.com> wrote:
> My wife signed up with our bank and credit card holder for really
> great idea. Every transaction made on our bank or credit card account
> is sent via e-mail right after being made. Crooked nonsense can be
> nipped in the bud immediately. I don't think there is a security
> method around that some hackers or other cannot - will not break.

If they can get into the account, they can change the email address to
which those transactions are mailed.
>
> What it boils down to is the account holder cannot live in denial or
> ignorance of the facts regarding the destructive ways of hackers. The
> real and final responsibility lies with the account holder. Like it
> or not - time consuming or not - pay attention daily - or like my wife
> does, check hourly. :o)

Sorry, but that is sort of making it backwards. People simply do not
have the time, knowledge or energy to keep keeping track. If you wife
has nothing else to do in her life, I guess checking hourly is OK. But
that is not typical of people in the world.
The bank has your money and it is on them to ensure that the money is
given only to you. They of course would like to get rid of that
responsibility. What do they care if your money is given to some crook,
and by handing you the responsibility they are no longer forced to care.
There was a famous case in the UK ( which was I think the first country
in the world to institue ATMs). One person suddenly discovered that a
bunch of money disappeared from his account. He complained to the bank.
They had him arrested and he was convicted and thrown into jail for
trying to defraud the bank, since he must have given his password to
someone to remove the money or he himself took it and was now trying to
get money from the bank by fraud.
When Ross Anderson (a Security expert at Cambridge) he helped head an
appeal which, since the bank claimed that their security was foolproof,
demanded that the bank reveal the details of their security. They
refused, and the appeal succeeded. But the banks keep trying to say
"It's your fault".
Reply all
Reply to author
Forward
0 new messages