Sync login 2FA (via e-mail confirmation)
-
rejzor last edited by
It would be smart if Sync had 2FA (2 Factor Authentication) via e-mail like Firefox has when signing into Sync. I'm not sure why this isn't implemented yet given that Sync stores all bookmarks and passwords and should have some sort of extra authentication to keep things safer. Just password alone I think is not enough. But with e-mail confirmation to confirm the login, things should be way more secure while not making things too complicated like with need to enter 2FA codes from tools like Google Authenticator...
-
my1xt last edited by
email 2FA isnt real 2FA but basically just another password. the point of 2FA is that you have "something you possess" (your phone) and "something you know" (your password) and not 2 "something you know"-s
another nice way would be U2F though. it does need additional hardware (in form of basically a cheap special USB stick) , but it's MUCH more secure.
for example a piece of malware cant do a lot as it needs to be "actvated" by hardware interaction, like pressing a button, or touching a metal surface of the stick.
-
rejzor last edited by
No. If my e-mail is behind 2FA, it's essentially 2FA protection for everything that uses just email for verification through that particular e-mail.
-
my1xt last edited by
well that might be true for those that do use 2FA on their mail acc but probably not many actually do that, also lets not forget that the email provider itself will also pose a weakness. if a big attacker gets the mail provider to cooperate (or there's a hole in their systems and someone can exploit that) you have a problem.
opening an app and typing a code or just pluggin in a nice USB stick a pressing a button on it isnt too hard for a high level security.
-
my1xt last edited by
better than nothing, certainly, but my opinion is that if we are doing it we should do it right from the beginning.
also opera on phones should finally get the ability to work with encrypted sync data