TFA (Two Factor Authentication) is an additional wrinkle to improve security over ordinary passwords. It gives a false sense of security from its James Bondian implementation. You have a fob on your keychain, sometimes called a token, with a number that changes every minute to a different random value. It is keyed off an internal clock and a pseudorandom number generator. When you login, you have to give both your password and the current number on the fob.
The advantage is, if someone guesses your password, or steals your fob, but not both, they cannot login.
Online services like Google, Facebook, LastPass, Amazon, Twitter, Apple… make the use of such a device optional. However, you mainly want the extra security primarily on financial sites like banks, credit unions, credit cards, PayPal most of which do not yet support them.
The solution is to use a scheme that does not require the server to guard any secrets. The US military has long been using such a certificate-based scheme they call CAC (Common Access Card) cards. It is not rocket science. It is immune to hacking since there are no secrets to hack. Industry persists in using password buggy whip-era authentication.
Certificates are amazing. A single card can act as ID, driver’s licence, passport, credit card, debit card, library card, all your passwords, emergency medical records… Perhaps that potential power is what scares people away from them.
Until we have certificates:
This page is posted
Optional Replicator mirror
Your face IP:[184.108.40.206]
You are visitor number|