
I don't need 2FA question

Solved by LAwLz:
27 minutes ago, f23948 said:

I have my Google account and my password manager account. If I leave 2FA off for a very long time and change my password often, is it still more vulnerable?

Yes, it's still more vulnerable.

2FA and frequent password changes with long and complex passwords protect from two different things.

Let's say you have a keylogger on your computer. In that scenario, it does not matter how often you change your password or how complex it is. The keylogger will send your password straight to the operator of the keylogger, and they will be able to log in to your account.

The idea behind MFA/2FA is that you need MORE than just the password and account name to gain access. An attacker would have to compromise two systems in order to gain access, and infecting two systems is way harder than just one.

Think of it like this, 2FA is like wearing a seatbelt. Having strong passwords is like driving carefully.

Does driving carefully negate the advice to wear a seatbelt? No. You wear a seatbelt in case you are in a crash. Driving carefully reduces the risk of being in a crash just like having a strong password reduces the risk of someone guessing it, but there is still a risk that something goes wrong like someone else driving into you (or your password is leaked somehow).

You can turn off 2FA if you want. I mean, it's not like turning it off will guarantee that your account will get compromised. Driving without a seatbelt does not mean you will be in a car crash either. But think of it this way, is the minor annoyance of having to pull out your phone worth it? It provides excellent protection against attacks on your account, and in general people should take security of their Google account seriously. It often contains a tremendous amount of information.

Saved passwords, bookmarks, it's often the address used by password recovery...

Do you use Chrome? If you do, they might be able to see your history and from there figure out which sites you browse. Once they got that, they can do password recovery and gain access to your other accounts.

Is the risk worth it?

Putting on seatbelts can be annoying, but it's a very small annoyance compared to the extra protection it provides. Same deal with 2FA.

As annoying as 2FA is for me to log on to my work server (every day, multiple times, creating a token on my phone to enter on my laptop), I understand the need.  Use it for sensitive things like @Lomac mentioned, just to make life a little easier down the road.
