Two Factor Authentication: Are you using it?

[Marcos 2,942]

Dear users,

We take liberty to ask you to cast your vote in this poll and to thus help us improve the service we provide to our customers. We appreciate your participation in the poll.

 

 

Best regards,

 

ESET team

[Janus 210]

Hello dear Eset :-))

 

Basically I think, that it is a lack of knowledge, of the benefits of "two factor authentication". Let us take Gmail as an eksempel. Many of my friends and colleagues use gmail, but not many use 2-step verification . The most common answer is, "oh, we didn't know that is was a possibility". And the most interesting is, that when it is explained,  most of them, ....them I know of...., begins to use it. The small amount of feedback that I have, is that most people thinks,  in the beginning, that it is a little bit awkward. But like many things, it is just a question about learning new habits. So the best motivation for introducing new security habits, is to begin explaining/showing, and talk about how easy it actually is. And with a little effort, from the user, he og she will recive a much better protection

 

Regards Janus.

[Arakasi 543]

Thank you Marcos for this poll.

Thank you ESET

 

I agree with Janus, that many users are unaware, or have not been introduced to the technology. We need more colaborative efforts in spreading the word and making users aware about current day treats and possibilities.

On average, once a week i find myself having a discussion with clients about what security measures they are taking, and why they chose what they chose. My topic leads to types of attacks and exploits that the client did not know existed or was possible, quoting " I thought that was in the movies ". We need to let people know that a strong authentication process is paramount when running online activities such as money routing and transactions, including online banking and purchasing products as well as logging into personal accounts or web portals that contain sensitive personal information.

2 Factor checking provides that extra added security for when the first is compromised, the second prevails, and also adds another step for people with malicious intent.

 

My second choice if i could select would be " Don’t perceive any threats to their online activities " for self explanatory reasons and from my statements previously mentioned.

[TomFace 538]

Janus and Arakasi are spot-on. Lord knows I have much to learn, but the "plug and play" folks  have a bit more to figure out.  

Edited December 4, 2013 by TomFace

[SweX 865]

Thanks ESET and everyone else too.

 

Yes I agree with the previous members that lack of knowledge feels like the biggest reason why not more people use it.

Edited December 5, 2013 by SweX

[Nizrax000 2]

Call me silly, but something like Lastpass built into ESET with the master key tied to a USB-dongle would be neat.

Edited December 11, 2013 by Nizrax000

[Arakasi 543]

Call me silly, but something like Lastpass built into ESET with the master key tied to a USB-dongle would be neat.

 

ESET has been a solid software vendor for years now, with no plans for any hardware.

I think i asked about hardware before and was told preference was in partners and secondary vendors for hardware.

My request was on a physical layer firewall or gateway controller built under the observation and control of ESET; which i thought would be neat. (sophos has one).

 

Even a little USB dongle by ESET with their logo pre-loaded with functions would stir up some stories

I'll take 4 !!

Mbam has a techbench USB stick they sell for $499, which i dont want to buy because its essentially Mbam programmed to start scanning upon insertion to a computer.

i'll just boot to safemode and manually scan myself

 

I would however buy several usb sticks from ESET if they were a product with some kind of feature like Sysrescue built in and programmed to auto take care of a computer

 

I like Nizrax000 idea simply because it would be some ESET hardware

[Elisa Tese Rotca 0]

Lack of knowledge is a big problem yes.

But also the "lazy" factor is too.

 

Each service and company has his own layers of security (enterprise, bank, e-mail, forums, blogs, website, facebook,

tweeter, etc) and this is an overwhelming factor in the user so he ends avoiding any "new" layer of security

no matter how good is. Then becomes lazy and don't want to use the system or service because he has to remember

"another" thing of security.

[Arakasi 543]

Bump for Ebay.

[The PIT 1]

Used it once then scrapped it. If part of the second stage breaks down such text messages not arriving or email containing the 2nd part of the authenication doesn't arrive it leaves you locked out.

Had that problem with twitter and 02 where 02 was rejecting twitter text messages due to a cock up on on their system.

Much simplier to have a nice long pw and remember to change it regularly.

[dbaps 0]

Well that's the problem, right? The more secure, the less convenient it is to use. Hopefully smart cards will change that and people will no longer need to use passwords. A fingerprint scan instead of a password would be wonderful.  Tie it into Google's authenticator and I'm even happier. 

[RNFolsom 5]

Given that I am a complete ignoramus, I don't know what Two Factor Authentication is.

First, what does "Authentication" mean in this context? 

Second, what is being Authenticated?  There are hints in earlier posts in this thread, but I need a lot more than those to understand Two Factor Authentication.
Examples would help.  Maybe Two Factor Authentication protects Eset's NOD32 and/or Smart Security, or maybe it protects my access to the financial websites that I use?  Or maybe unexpected email that contains malware?  Or maybe Two Factor Authentication is an alternative to using a Virtual Private Network, even when a computer's internet access (e.g. mine) is totally wired and not wi-fi?

 

R.N. (Roger) Folsom

 

P.S. An extraneous but related issue is that on 05-June-2014, Eset sent me an email requesting that I change my password for this website (Eset's Security Forum).  Since I wasn't currently using this website, I put that email into my ToDo folder.  But now I want to comply with Eset's request that I change my password, but although Eset's email gave me a link to how to create strong passwords (I have four different password generator utilities that I switch whenever I need a password, so I didn't need that), but it didn't explain where and how to persuade a new password to replace the old one on this website.

 

I would appreciate instructions about how to do that.  Please remember that I am an ignoramus, and need detailed step-by-step instructions.

Thanks.

Edited July 18, 2014 by RNFolsom

[planet 230]

P.S. An extraneous but related issue is that on 05-June-2014, Eset sent me an email requesting that I change my password for this website (Eset's Security Forum).  Since I wasn't currently using this website, I put that email into my ToDo folder.  But now I want to comply with Eset's request that I change my password, but although Eset's email gave me a link to how to create strong passwords (I have four different password generator utilities that I switch whenever I need a password, so I didn't need that), but it didn't explain where and how to persuade a new password to replace the old one on this website.

 

I would appreciate instructions about how to do that.  Please remember that I am an ignoramus, and need detailed step-by-step instructions.

Thanks.

 

Hi RNFolsom,

 

The annoucement (and topic) was edited on this website shortly after sending the email with instructions on how to change your password which you can view here, or quoted directly:

 

To change your email and/or password:

Click your name at the top right of the window

Click My Settings

In the menu on the left, click Email & Password

Enter your new email and/or password

Edited July 18, 2014 by planet

[Arakasi 543]

Hello Roger,

 

In addition to planet's fine post, i will convey to you that Two-Factor Authentication in a simplified explanation is putting 2 passwords on 1 login account.

You enter your normal username and password to login to a server or website, and before it lets you proceed you must enter a second password to get in.

ESET helps out with this by providing a mobile app that goes on your smart phone. After you pass the first username and password, it asks for another password that only can be retrieved or sent to your phone.

This prevents anyone who has stolen your password to login at all because they will not have your phone to get the second password.

This is the easiest way i can explain it.

The technical version can be found here: hxxp://www.eset.com/us/business/products/secure-authentication/

[rugk 397]

By the way: I'm using the two factor authentication for my Microsoft Account. (this is what you use two login, e.g. in outlook.com) And I can say that this is really simple! (on a registered mobile phone you only have to click on "Accept")

 

But also Google and many other websites already provide 2FA.

Edited July 29, 2014 by rugk

[RNFolsom 5]

Arakasi:

 

Please excuse my belated reply.  (My excuse is a long boring story.)  I very much appreciate your explanation of Two-Factor Authentication, and the hxxp://www.eset.com/us/business/products/secure-authentication/ link.

 

That link made me realize that I can use Two-Factor Authentication on internet websites, but that Two-Factor Authentication is not appropriate for my end of internet connections.  I do some economics consulting (mostly I am retired), but my communications with clients are by voice (in person or by land-line At&T telephone) or email.  I don't have a website, much less a business website.

 

For someone who has two cellphones (neither qualifying as a smart cellphone;  they are roughly ten years old), I am a weirdo.  Each cellphone lives in an automobile, and is used very occasionally, and only for talking.   Consequently no one calls me using my cellphone numbers, because if they happened to call me on one of my  cellphones (probably only my wife and me know the number;  it's written on the back of the phone), I would eventually hear it, probably weeks later.

 

Nevertheless, your description of how to use a smart cellphone for Two-Factor Authentication was interesting.  Someday I may get a smartphone, and I am happy to know about the Eset's mobile app.

 

Related different issue:

 

I am trying to improve the security of my home office (and of using a computer when in a hotel) by installing a Virtual Private Network.  When using Windows 2000 and XP, my own favorite VPN was WiFiConsulting's hxxp://hotspotvpn.com/, and it provided excellent protection.  But I found it impossible for me  to install successfully (after what I think of as trying for 100 hours or more, due to useless correspondence with WiFiConsulting) on my new Windows7 sp1 64-bit laptop, because my requests for assistance got incomplete and/or generalized answers that weren't specific enough for a non-geek economist (me). So I gave up. 

 

Over the past week I have been considering other VPN providers, and I tentatively have settled on Private Internet Access.  I had a "chat" with one of their representatives, and asked whether Private Internet Access would interfere with Eset, or vice versa.  Unfortunately he hadn't heard of Eset.  But he said that there were some cases where security software interfered with Virtual Private Access.

 

If any Eset user knows of any conflicts between Eset NOD32 version 7.x and Private Internet Access, please let me know.  I will come back to this page in a day or so.

 

R.N. (Roger) Folsom

Edited August 10, 2014 by RNFolsom

[Arakasi 543]

Hey Roger,

 

No problems on the belated response i assure you, as i visit these forums daily for the sole purpose of helping individuals with like minds that require assistance using ESET products.

As a partner i make it my duty.

 

As a response to your inquiries i can say that i am not sure of the company Virtual Private Access, since it seems generalized, but maybe you could provide a link.

I have been working with VPN's for years and understand how they work on an intermediate level.

Since VPN is a technology on the network layer, i can only assume you shouldn't have to much difficult using Nod32 and Private Internet Access.

Smart Security would be the product that might give you some troubles using VPN and even then, once it changes your subnet over to the VPN, you can simply tell ESET Smart Security it is a safe zone.

Any filtering done can also be excluded as well, if you want ESET to ignore the traffic and tell it that "it is safe" since it is your own personal VPN.

 

The only filtering done on Nod32 i can think of is through http(s), pop3(s), and imap(s), protocols.

[rugk 397]

By the way: Here is a nice video from WeLiveSecurity about Twitters two-factor authentication.

[RNFolsom 5]

Hey Roger,

 

No problems on the belated response i assure you, as i visit these forums daily for the sole purpose of helping individuals with like minds that require assistance using ESET products.

As a partner i make it my duty.

 

As a response to your inquiries i can say that i am not sure of the company Virtual Private Access, since it seems generalized, but maybe you could provide a link.

I have been working with VPN's for years and understand how they work on an intermediate level.

Since VPN is a technology on the network layer, i can only assume you shouldn't have to much difficult using Nod32 and Private Internet Access.

Smart Security would be the product that might give you some troubles using VPN and even then, once it changes your subnet over to the VPN, you can simply tell ESET Smart Security it is a safe zone.

Any filtering done can also be excluded as well, if you want ESET to ignore the traffic and tell it that "it is safe" since it is your own personal VPN.

 

The only filtering done on Nod32 i can think of is through http(s), pop3(s), and imap(s), protocols.

Arakasi:

 

Thanks very much for the feedback.  Re your last two lines:  I don't think I will need to exclude filtering, given my good experience with WiFiConsulting's hxxp://hotspotvpn.com/ (when I was able to install it use it on Windows 2000 and XP.

In any case, I'm glad to know that on NOD32 the only filtering you can think of is http(s), pop3(s), and imap(s) protocols.  SeaMonkey and my ISP (a local, redshift.com) use http(s) and pop3(s), so that's encouraging.  Imap I've heard of but never have used.

 

The rest of this post is to let you and anyone else interested to know about some interesting VPNs.

 

Private Internet Access is a VPN company's name.  Annual cost:  $40.  It's "Home" website is at https://www.privateinternetaccess.com/

        To get more  information click on the other columns there.  The most useful one (my opinion) is Contact Us, which is a collection of FAQs.  Each one is separate, so I for my own use I created an "open" collection by copying each FAQ into Thornsoft's ClipMate, and then pasting them into Mozilla-SeaMonkey's HTML Composer.

 

Some interesting reviews of Private Internet Access are:

PCMagazine, at hxxp://www.pcmag.com/article2/0,2817,2414799,00.asp

FreedomHacker, at hxxp://freedomhacker.net/private-internet-access-vpn-review/

 

An alternative is VikingVPN, $120 annual cost.  Website is https://vikingvpn.com/

As nearly as I can see, it's only disadvantage is expense.  But my recollection is that roughly $120 is what I paid when I was using WiFiConsulting's hxxp://hotspotvpn.com/, so that price isn't unreasonable.  And it might be simpler to use than Private Internet Access is.

 

For a very favorable review of Viking VPN, see FreedomHacker, at hxxp://freedomhacker.net/vikingvpn-review/

 

The prices I mention above are rounded up to the nearest dollar.

 

Some of my efforts to decide what VPN to use are at Windows Secrets Lounge, at

hxxp://windowssecrets.com/forums/showthread.php/163638-Virtual-Private-Network-%28VPN%29-Choices

 

Roger

P.S.  I also considered ExpressVPN at https://www.express-vpn.com/?a_aid=zpeti,

with a favorable review at https://www.bestvpn.com/blog/9405/expressvpn_review/

But my wife and I use only laptops;  I don't use ExpressVPN's capabilities for multiple devices.

Edited August 11, 2014 by RNFolsom

[Arakasi 543]

A few suggestions i can make for VPN are 1 free and 1 fairly expensive.

 

1. https://www.vpnsecure.me/ - COST but it has 2048 bit keys.

2. https://openvpn.net/ - FREE

[RNFolsom 5]

A few suggestions i can make for VPN are 1 free and 1 fairly expensive.

 

1. https://www.vpnsecure.me/ - COST but it has 2048 bit keys.

2. https://openvpn.net/ - FREE

Arakasi:

 

Thanks for telling me about vpnsecure.me.  (I already knew about openvpn, because apparently is the foundation for many Virtual Private Networks, including WiFiConsulting's hxxp://hotspotvpn.com/ when I hadn't yet moved from WinXP to Windows7 and could not manage to install it on my Windows7 laptop.)

 

But vpnsecure.me has an interesting note on its website:

"Dedicated IP's are separate plans at a different price to our $9.95 shared IP plans, however are shown above as available for use with OpenVPN only. Choose your dedicated IP package under the OpenVPN & PPTP drop down in the checkout."

 

I think I understand that IP stands for Internet Protocol, but I don't know what a Dedicated IP is.  Dedicated to what?  I have posed that question on vpnsecure.me's website, and I hope I get an answer by email.

 

Thanks for the information.

 

R.N. (Roger)

Edited August 17, 2014 by RNFolsom

[LabVIEW707 13]

Been using it for years. Same with Facebooks code generator. No one can get into my Gmail unless they have the code texted to my phone. 

[Arakasi 543]

Been using it for years. Same with Facebooks code generator. No one can get into my Gmail unless they have the code texted to my phone. 

 

You can easily intercept that code leaving the server by the way.

Never say no one can.

[LabVIEW707 13]

For an advanced hacker yeah. But not for the average user. To intercept it they would need your cell #. The code is sent directly to your cell via a text. Anyone advanced enough to bypass that sure as hell would not be snooping around my email. They would be going after the government. 

[Arakasi 543]

Femtocell can intercept too at the phone end.