WARNING - 2 factor verification and its dangers - VERY IMPORTANT - #steempunks #minnowschool

in #warning, 7 years ago (edited)

I want to share a warning to everyone that is using 2 factor verification for exchanges, finance and permanent accounts.

A friend of mine has recently invested in some KCS from the KuCoin exchange with the intent to invest. Exchange websites flaunt their 2 factor verification feature and people assume it's more secure when you have it, so they go for it.

What happened to my friend is he wiped his phone and for 4 months has been unable to get access to his account on the exchange again. The support crew cannot help him; they say it's Google's problem, and you can guess the extent and limits of what the Google support staff can provide on the issue, since they consider it third party software.

We're talking someone's life savings that is now probably lost forever.

My friend has cried, dealt with it, moved on and while he's still pursuing gaining access, he has accepted that he will probably never see that money again.

It's a very severe consequence of following the recommended steps!

So beware, two factor verification might expose you to the following risks.

  • if you reset your phone, chances are you will permanently lose all accounts with 2 factor verification
  • if your phone gets lost you will likely suffer the same consequence
  • if your phone is stolen, the funds you then need to replace it may be unavailable due to this
  • if your phone breaks, same story
  • if anybody knows you have two factor verification, they can sabotage your life by destroying or otherwise hiding your phone.

We live in a new environment today where crypto currency is a permanent fixture of our societies. Please beware of this phenomenon and try to keep your funds out of exchange accounts except for transfers. Beware of two factor authentication and the pitfalls associated with it; perhaps create dummy accounts, wipe the phone and fix the authentication before you store much money in a site you are interested in, so that you know for sure your funds are safe from damage and sabotage.

if you're happy and you know it vote/comment

steempunks discord
https://discord.gg/hGJnpJu

moonshine, the first earbender
and hand of the ear

rd Ear - 3rd Ear - Third Ear
we are one
https://discord.gg/astSxAu


Never thought about it, OF COURSE.
I guess it is tied to the phone number, which is the SIM. So maybe this would give ample motive to actually purchase an old phone bone from 2004. They simply work like they should, the battery lasts forever and you can leave it in the sunlight and it will still function.

Having had terrible experiences with a smart phone a friend gifted me I am never going back to these sensitive and fragile pieces of "high technology". Especially now.
Thanks for the heads up!

If only it was tied to the SIM, it's actually tied to the software installation, if your phone software gets reset it also decouples your 2 factor checks.

It's a pain

Thank you very much for commenting @paradigmprospect :)

nice to see someone else who also likes old phones

I have no reason to doubt what you're saying, I'm afraid I just don't get it yet.

Does that apply to old phones? You know, Samsung ones with built in spelling mistakes in their auto correct. Long before operating systems. I wouldn't even know how to reset that phone "software" - there's no real port or OS. And the number the verification arrives at is on my SIM, I can put the card in other phones and it will have the same number.

Isn't it true that as long as I have the same number on that old phone it will still work after resetting? How would the exchange know that anything is different? How would the phone not tie to its SIM number after reset? Because "modern" phones work differently and require OS shenanigans to access the actual number?

You don't actually need to answer these, just thinking out loud here, pondering how to best protect the access. I have had some hardcore password lessons in the last years that taught me a lot.

I know a few people who religiously reject smartphones <3

Aah well, you see, two factor verification is this type of application that installs on a smartphone that's coupled to your login on another website. Thing is, if your smartphone is reset, you can in many cases lose access to the website it opens, because it becomes a second requirement of logging in.

People take it and assume it's safer, but it exposes you to the problems covered in the post, which is often left unconsidered at the time of enrolling in the feature.

See, two factor authentication is not phone number centric, it's linked to your software installation, which makes you vulnerable to damage, loss and some forms of sabotage.

Use Authy for your authenticator app if you are worried about this, as you can move your 2FA accounts across devices with it

Great info man, thanks for sharing. I have resteemed so my 20 followers can be made aware!!


wow, thanks for the heads up. I'll recheck all my 2fa verification and disable the important ones.

thank you very much for the positive response @abmakko, we have to be careful these days :)

I've had some accounts that I had to send extra documents to gain access to after having a phone stop working, so I definitely know where you're coming from here!

Thanks to @paradigmprospect, this post was resteemed and highlighted in today's edition of The Daily Sneak.

Thank you for your efforts to create quality content!

Thank you very much sneakyninja, and thank you very much for the nomination for basic income, nothing escapes my gaze ;)

Much love thanks for raising awareness on this issue, I think a lot of people have suffered perfectly avoidable losses.

So the bottom line people:

  • save the keys that protect your 2 factor authentication when you install it
  • use an app like authy if you can, it has good recovery options


Great advice!

Useful points made on this post.

Worth knowing though that in some accounts you can save yourself a lot of heartache if you save the seed or code they show you when you first set up the 2FA, as this is an easier way to set up 2FA on another phone. I personally have an encrypted unassuming USB fob and a notebook and write all important information on both. I keep them in separate places and if in the future things become an issue or my machine/phone/laptop dies I have a backup...

Always store this sort of information off your computer on either an analogue or an encrypted device OFF the computer.
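
Why saving the seed works, shown as an added example that is not part of the original post or any comment: authenticator apps such as Google Authenticator and Authy compute codes with TOTP (RFC 6238), where the code depends only on the enrolment seed and the current time, not on the phone or SIM. The sketch assumes the site uses standard 6-digit, 30-second, HMAC-SHA1 TOTP; both seeds and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample seed: the RFC 6238 test key "12345678901234567890" in
# base32, the same form a site shows next to the enrolment QR code.
SAVED_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(seed_b32, at=None, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA1) for the 30-second window containing `at`."""
    seed = seed_b32.replace(" ", "").upper()
    key = base64.b32decode(seed + "=" * (-len(seed) % 8))
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(seed_b32, code, at, window=1, step=30):
    """Site-side check: allow one window of clock drift either way."""
    return any(
        hmac.compare_digest(totp(seed_b32, at + drift * step), code)
        for drift in range(-window, window + 1)
    )


def recovery_demo(at=59):
    """Wiped phone restored from the saved seed vs. a reinstall with no seed."""
    old_phone = totp(SAVED_SEED, at)
    restored_phone = totp(SAVED_SEED, at)  # seed re-entered from offline backup
    fresh_install = totp("JBSWY3DPEHPK3PXP", at)  # constructed unrelated seed
    return {
        "old": old_phone,
        "restored": restored_phone,
        "restored_ok": server_accepts(SAVED_SEED, restored_phone, at),
        "fresh_ok": server_accepts(SAVED_SEED, fresh_install, at),
    }


if __name__ == "__main__":
    print(recovery_demo())
```

The restored device is accepted because it holds the same seed; the reinstall without the seed is rejected, which is the lockout described in the post.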