Quote:
Originally Posted by redpoint5
My question is what are some best practices to harden technology and reduce attack footprint?
Seems the old logic of 1 username and 2 passwords depending on importance is not good enough. I've enabled 2FA (two factor authentication) on the important stuff now.
2FA is good but comes in different levels of strength.
Weakest is email 2FA. If someone reuses login info, there is a good chance the hacker can also access the email account for the code.
Text or phone 2FA is next. The weakness with that is people can transfer your phone number relay to a service like Google Voice.
Then comes printed codes. You apply for a list of codes - each one works once. It is pretty safe if printed out and kept physically. If you keep the codes in the cloud, that could be a vulnerability.
Then come software tokens. Every time you log in you have to enter a one-time code generated in an app or use a biometric verification. This is how my employer does security.
Then comes a hardware token. It is basically a modern version of a physical key. To log in you must insert the key into the computer, phone, tablet, etc.
Quote:
Originally Posted by freebeard
The problem with cards is that they expose the account with each transaction, where with Bitcoin only the transaction itself is exposed.
Not necessarily. Some cards allow you to generate a one time card number for every online transaction.