Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Two-factor Authentication and Device Recognition

jparker402

jparker402

macrumors 6502a
Original poster
Jun 7, 2016
588
60
Bellevue, NE
A bank just started two-factor authentication (or said they did). I never managed to get it to deliver the code, so after over a month I started following up. After several resets I was told it was working, but still I did not receive a code. Finally a customer service person said that I was indeed using two-factor authentication, but, because the system recognized the computer (MacBook Air) as the device I used, their system didn't need to send a code for me to get on the site. Indeed, I was able able to get on the site without a code. Now I am wondering if two-factor authentication is all that secure. The bank's system seems to recognize my computer; how easy is that for a hacker to simulate, thus bypassing what two-factor security is suppose to achieve?
 
Try logging in from a different machine and see what happens.
As for the token on your computer, it’s hard to say since we don’t know how they implemented it. The trick to any token is to not lose it or have it stolen. This arrangement could be reasonably secure, but I’d personally prefer an Authenticator token over this “transparent” system.
 
  • Like
Reactions: eyoungren
barbu said:
Try logging in from a different machine and see what happens.
As for the token on your computer, it’s hard to say since we don’t know how they implemented it. The trick to any token is to not lose it or have it stolen. This arrangement could be reasonably secure, but I’d personally prefer an Authenticator token over this “transparent” system.
Click to expand...
I will try to log in with my iPhone when I get an opportunity. "Tokens" I have never heard of before! Is that some kind of pass/key between my computer and their system?
 
Interesting, when I have 2FA I get a code on my phone via text, and have to enter it on the web site, always as far as I remember.
 
Huntn said:
Interesting, when I have 2FA I get a code on my phone via text, and have to enter it on the web site, always as far as I remember.
Click to expand...
That is what I am used to as well, Huntn. But not with this site. Not having to enter the code is convenient, but not very reassuring security-wise.
 
  • Like
Reactions: Huntn
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back