I am not a security expert. I certainly would not notice the 2FA versus 2SV although now I see it is a real thing. What really impressed me and got me to take out the credit card after I read the article was that Google required all employees to use a Yubikey to do their day-to-day jobs. For that reason, I don't think it is "cool", but provide a meaningful level of security.
I don't care if my old Yahoo account is out of date. I only care about where the money is kept: Northern Bank, Fidelity, E-trade. Do they have 2SV? Yup. With Yubikey? Often no. Gmail and lastpass have it. I recommended buying 2 keys: one for my key chain, one for a specific place in my house. For Gmail and lastpass, I register both keys. Then when I lost my keychain for a week, I just used the other one (it was found in the couch). There are rescue codes that can be written down on a piece of paper and stored for the long term. Doug On Wed, May 6, 2020 at 1:47 PM Jack Bennett <ajbenn...@gmail.com> wrote: > One of the benefits of a password manager is that it automates this process > so you can easily use passwords that would be impossible to remember and/or > type in (and lock them behind a suitable and memorable passphrase). > > Of course, this still requires trusting the creators of the manager > application itself. > > 1Password and LastPass have what appear to be good external security audit > processes, so they've got that going for them > > e.g. https://support.1password.com/security-assessments/ > > I don't expect that I would be able to cook up a better DIY solution that > is anywhere near as convenient. > > > > On Wed, May 6, 2020 at 1:35 PM Rich Pieri <richard.pi...@gmail.com> wrote: > > > On Wed, 6 May 2020 13:05:58 -0400 > > Kent Borg <kentb...@borg.org> wrote: > > > > > Except 16+ is overkill for a password. (*Password*, not encryption > > > passphrase--the two are extremely different uses.) > > > > Except... they're not. 16 random (I'm assuming) characters is what > > Google use for application passwords. Which are in fact passwords in > > their use. That's my base line. > > > > -- > > Rich Pieri > > _______________________________________________ > > Discuss mailing list > > Discuss@lists.blu.org > > http://lists.blu.org/mailman/listinfo/discuss > > > > > -- > Jack Bennett > ajbenn...@gmail.com > _______________________________________________ > Discuss mailing list > Discuss@lists.blu.org > http://lists.blu.org/mailman/listinfo/discuss > _______________________________________________ Discuss mailing list Discuss@lists.blu.org http://lists.blu.org/mailman/listinfo/discuss
