T
13

Can we talk about 2FA vs just having a strong password?

I never used to bother with two-factor authentication because I thought a 14 character password with mixed symbols was plenty secure. Then last month I got a notification from Google saying someone tried logging into my account from a city I've never even visited. That freaked me out so I finally set up 2FA using Microsoft Authenticator instead of getting codes sent by text. The difference is night and day because even if a hacker gets your password from a data breach they still can't get in without that second code. I tested it by trying to log in from my friend's phone and it blocked me immediately. Text message 2FA is way less secure since SIM swapping is a thing plus it takes longer. Honestly I wish schools pushed this harder because my students are still using passwords like 'charlotte123' and it makes me nervous. Has anyone else had a close call that pushed them to finally lock things down?
3 comments

Log in to join the discussion

Log In
3 Comments
black.joel
black.joel26d ago
Wait, did you say your students use 'charlotte123'? Because I'm pretty sure my old Netflix password was 'netflixfan1998' for like five years straight. That close call with Google would've sent me straight to setting up 2FA too, though I probably would've just sat there staring at my phone for an hour trying to figure out the app.
5
cameron538
cameron53824d ago
Man, have you tried using a password manager? I was in the same boat, kept using the same weak passwords across everything because who can remember a dozen different ones? My brother talked me into trying one last year and honestly it saved me so much headache. Now when I log into a site, it autofills a crazy long password I never even bothered to learn. Plus it has that built in generator that makes up random ones for you. For the 2FA thing, I just bit the bullet and spent an afternoon getting the authenticator app set up on all my important accounts, did it while watching TV so it didnt feel like a chore. Now I dont have to think about it anymore unless I get a new phone, and by then Ive usually got the process memorized enough to not need a tutorial.
6
keithbennett
Three years ago I had a password that was literally just "password1234" and I thought I was being clever adding the 4. Then someone got into my email and sent spam to everyone I knew. That was the wake up call. @black.joel honestly the staring at the phone thing is real, I still have to watch a YouTube tutorial every time I switch phones and need to set up the authenticator app again. Its like the apps are designed to be confusing on purpose or something. But once you get it working it gives you that peace of mind even if you feel dumb while setting it up. Ive been meaning to update all my old accounts with better passwords but theres so many of them and I keep putting it off.
2