I have some questions about password managers and 2FA.....what do you guys think?

in #security 9 years ago

So I'm a big fan of 2FA. I've recently activated a lot of them on my various online accounts once I realized how they work (I'm still kind of new to all the security options out there). It seems to make the most sense to me. I mean even if someone had my password they still would not be able to access my account because they would need my 2FA code that gets sent to my phone. right?

With the recent hack here on Steemit, I realized that this option is not yet available (would LOVE to have that option here by the way). So this got me thinking about security and password managers. I've always heard about them but have never used them, and I figured I could turn to the community here on Steemit and ask a couple of questions. People here seem to be very knowledgeable and helpful about such topics so here goes:

  1. What do you guys think of password managers? Are they reliable, safe? And if so, which ones do you guys like the best.

  2. In theory, if I have 2FA activated on all my accounts, does it even make sense to get a password manager or would it be an overkill? I understand they create long and secure passwords but is it necessary in your opinion with 2FA. As it is, I usually use my own long password in combo with 2FA.

I guess I'm just looking for some common sense information on this topic from someone who knows more about it than I do. Your thoughts are deeply appreciated. Thanks for reading.


Though I do think some kind of more in-depth password manager would be extremely handy, the use of a 2-step system can be a double-edged sword; allow me to explain.

There have been a slew of hacks going around the Twitter and YouTube scene lately, and the way the majority of these have been done was in fact WITH the 2FA system; it has been circumvented with a bit of social ingenuity and basic technical know-how.

All it would take is for a would-be hacker to have some of your basic info; they could call your cell provider up posing as you and have your SIM card shipped right to their location, slip that into their own phone and bam! They have your account.

Now, this is not an issue for most people, as getting some of these details isn't as easy as it may seem, but some "hackers" and social engineers are VERY clever and know their way around the system they're trying to thwart. I personally do not use the 2-step system for this reason but instead just manage my own passwords myself. I'm not trying to scare anybody who uses this system, as it is a very good and convenient way to keep your passwords and logins secure, but there is a huge, glaring loophole and some people do know how to worm their way through it.

All great points. Thanks for the response!

The thing about two-step verification is that ultimately any account is only as secure as the mail used to create it. It is therefore of utmost importance that the mail you have used is secured by two-step verification (preferably in a closed loop if possible) as well - if you have an old or perhaps a burner phone it would be ideal to secure your mail using that to keep things completely separated in case your day-to-day phone gets stolen.

In addition to the above, it might furthermore be worth looking into masked mails - or at the very least tagged mails. If you use Gmail you can do [yourmail][email protected] and it still reaches the same inbox. Ideally you would want masked mails to ensure complete anonymity, but tagged mails would still add additional security in the sense that the actual tag is required to recover your account.

Now, as for your question on password managers. In my head putting all eggs in the same nest - especially when it comes to something as vital as security - simply does not make sense to me. All it takes is one breach and everything is gone.

If you have trouble remembering passwords, try to create a system for yourself which is sufficiently random to avoid social engineering whilst ensuring decent (25+, more if possible) length. Or, if remembering passwords truly proves a challenge, write them down by hand and keep your notebook safe.

Of course, everything is rendered useless if your computer is insecure, so ensuring proper computer security and applying common sense to what you download remains paramount.

Great advice, thank you!

Security depends on YOUR actions, 2FA is no super-uber security feature.

Words from someone who grew up with the net and has watched all this 'stuff' evolve. ;)