28-01-2025, 08:26 AM
I'm not sure there is ever going to be a simplification of authentication mechanisms nowadays. But I'll add a few thoughts of my own.
Generally speaking, a username and password are no longer considered secure. 2FA is a mechanism to provide a 2nd tier authentication of a signin, in addition to the user/password credential. This can be done in several forms...
- An email to a previously registered email address
- A text to a previously registered mobile number
- An automated call to a previously registered landline/mobile number
- Requesting a code from a previously registered 2FA, such as Authy, Microsoft or Google's Authenticator app etc.
Some organisations, e.g. Microsoft, seem to feel that passwords are no longer required and can be done away with completely going forward, in favour of 2FA, biometrics etc.
The problem these days is you can go through a myriad of these 2FA challenges just to complete a seemingly simple task like changing your recovery email.
Best advice is don't get hung up on the why, don't let the emotions get in the way - it is just a process you have to go through, as many times as the powers that be deem it necessary, for you to actually prove that you are, in fact, you. Ultimately it is for your own benefit to protect your own data...
Now on the subject of password managers, I have never been a fan of local password managers; on more than one occasion I have seen the database corrupt, rendering it useless... Browser password managers are as much as I will use since they can be backed up to the online account (NEVER for banking/finance of course!), trusting it will be secure...
I do however use KEYPASS, which is a similar concept but is more like a digital vault for all sorts of data, passwords, files etc.
HTH
This world would be a perfect place if it wasn't for the people.