Is Iphone 6 the cheapest solution for a dedicated 2FA device?

[Randel1980]

Hi, just opened my crypto trading account and want to protect my account with 2FA. Since there is a lot of money on my account, I want to invest in a dedicated 2FA device to secure my account.

 

I do have samsung galaxy which is an android device, yes I can use my S8 for google authenticator or authy. But many people recommend to not use android because it can be infected with viruses and trojans.

 

So I'm thinking about IOS since it can't be infected, and a mobile seller told me that Iphone 6 might the best option because it only costs 100$ and is up to date (IOS 14)

 

Please let me know if there is a cheaper way to secure my account. Thanks.

[FibonKylix]

iPhone 6 cannot get the iOS version 14.

 

 

[Oshino Shinobu]

11 minutes ago, Randel1980 said:

IOS since it can't be infected

That's not true at all. iOS still has security vulnerabilities that get patched when they're found and can absolutely be infected with viruses, trojans and other malicious content. 

 

Keep the S8 updated with the latest security patches and don't sideload random stuff and you'll be fine.

[dizmo]

IOS is far from immune to this. You're just as at risk.

[Arika]

if it's connected to the internet it's at risk. use any device you currently have and just turn on airplane mode and don't allow it to connect to the internet if you're concerned about it

[saltycaramel]

6 is already out of the updates game

6S, 6S+, SE1 will be the next to be axed

 

So if you can splurge for a used 7 or 8 or even better SE2 I would go with those.

 

Actually even a 7th gen iPod Touch could do maybe. (it’s the same hardware as the 7)

 

Besides Google Authenticator and Authy, I would also consider 1Password because I find it handy to have both the passwords and the 2FA generator in the same secured app. 

[Mling]

When I was security-paranoid I used a nokia dumb phone for 2FA. 

[saltycaramel]

3 minutes ago, Mling said:

When I was security-paranoid I used a nokia dumb phone for 2FA. 

If you mean via sms, that’s vulnerable to SIM cloning attacks. 

[NineEyeRon]

1 hour ago, dizmo said:

IOS is far from immune to this. You're just as at risk.

Not as muc, SMS 2FA is super risky, app based ones on Apple are an easy way to lower that risk. You cannot eliminate it as there are still ways, just would it be worth it unless your a billionaire? Probably not.

[Mling]

54 minutes ago, saltycaramel said:

If you mean via sms, that’s vulnerable to SIM cloning attacks. 

someone needs to know your number to do this. If someone breaks into your house and gets your sim, sure. But you can buy bundles of sims cheap and change them weekly. They can only clone the one you were using, and you don't have to keep this in the phone. You can keep it in a bucket of other SIMs 

[RejZoR]

1 hour ago, dizmo said:

IOS is far from immune to this. You're just as at risk.

"Just as" is a very far fetched claim. It can, but nowhere near to degree Android phones can. iPhones basically can't be rooted, you can't sideload apps to them and App Store is far far more controlled and has much more rigorous checks in place than GooglePlay. Which is also evident by the amount of copycat apps found on GooglePlay not to mention all the junk that people can cluelessly sideload. Majority of security risk to iPhone users are just exploits. Majority on Android are just bad apps. Guess which is easier to make and deliver. I can tell you it's not the exploits...

[saltycaramel]

10 minutes ago, Mling said:

someone needs to know your number to do this. If someone breaks into your house and gets your sim, sure. But you can buy bundles of sims cheap and change them weekly. They can only clone the one you were using, and you don't have to keep this in the phone. You can keep it in a bucket of other SIMs 

Recently there was a database leak from a Vodafone-controlled MVNO (“Ho”) with all the relevant information (numbers, serials, names, etc.), who’s to say that can’t happen again and maybe be revealed months later.

 

The sooner SMS based 2FA dies, the better.

[Mling]

4 minutes ago, saltycaramel said:

Recently there was a database leak from a Vodafone-controlled MVNO (“Ho”) with all the relevant information (numbers, serials, names, etc.), who’s to say that can’t happen again and maybe be revealed months later.

 

The sooner SMS based 2FA dies, the better.

they still need to engineer a way to discover a link between your phone number and the online account. You cannot change the online account but you can change the SIM/phone number regularly.

[Roswell]

12 hours ago, dizmo said:

IOS is far from immune to this. You're just as at risk.

That's a pretty enormous stretch to claim that Android is as secure as an iOS device. It's not even close...