Two-factor authentication (2FA)
Documentation for this is incomplete. Contributions are happily considered!
Google Authenticator is the most popular 2FA application.
TODO: image of Google authenticator.
Users tend to lose 2FA backup codes.
TODO: image of a 2FA backup code.
Users tend not to back up 2FA backup codes since no (popular) service enforces backups. Or users lose their 2FA backup codes, and then when they lose the device used to generate 2FA codes, they lock themselves out.
Common misconception: Google 2FA backup login codes can restore 2FA for services other than Google. They cannot. These codes are only a way to log in to a Google account after having lost access to the 2FA device.
Google Authenticator doesn't have a backup function.
Popularly used 2FA is not:
When does 2FA work:
- When users fall victim to spear phishing, i.e. when they send their login password (and maybe even a 2FA code) by e-mail to an attacker. By the time the attacker receives the message, the 2FA code is either missing (not sent by the user) or, if the user is lucky, already expired.
- Logins that are weakly protected because of weak passwords become stronger.
- A shoulder-surfed password alone is not enough to log in.
When does 2FA not work:
- When the user's device is already infected by malware. In that case a trojan horse can simply take over the login session without the user's knowledge.
Possible de-anonymization when using the following apps on a non-torified device:
- Authy requires an internet connection
- Symantec VIP requires an internet connection
Google Authenticator desktop application replacement:
KeePassXC can be used as a replacement for Google Authenticator (actually TOTP, Time-based One-Time Password) on desktop computers on Windows, Qubes OS (recommended), Linux (recommended) or Mac.
- Like bitcoin wallets enforce retyping the wallet mnemonic seed.
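An added example, not from the original page or from KeePassXC: a minimal RFC 6238 TOTP generator and verifier in Python, showing how a code is derived from a shared secret and the clock, and why a code that arrives late is rejected. The secret is the RFC 6238 test key; the 30-second step, 6 digits and the acceptance window are assumed defaults.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default, assumed here)
DIGITS = 6   # code length used by common authenticator apps (assumed)

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, now: float) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / STEP)."""
    secret = base64.b32decode(secret_b32.upper())
    return hotp(secret, int(now) // STEP)

def verify(secret_b32: str, code: str, now: float, window: int = 1) -> bool:
    """Accept the code for the current step or `window` steps either side."""
    secret = base64.b32decode(secret_b32.upper())
    current = int(now) // STEP
    return any(
        hmac.compare_digest(hotp(secret, current + d), code)
        for d in range(-window, window + 1)
        if current + d >= 0
    )

# Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890".
# This secret is what has to be backed up; codes are only derived from it.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    issued = 1111111109                      # time the user read the code
    code = totp(SECRET, issued)
    print("code:", code)
    for delay in (0, 30, 120):               # seconds until the code is replayed
        ok = verify(SECRET, code, issued + delay)
        print(f"{delay:>4}s later accepted: {ok}")
```

A wider `window` tolerates clock drift between device and server, but also lengthens the time a leaked code stays usable.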
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.