Recently I moved to Google Authenticator instead of using Grid Authentication as a 2-factor security. For me, finding and filling letters from such a dense matrix is a rather clumsy task. It's not very easy to quickly find the corresponding content of the coordinates:

I have a basic understanding of how Grid, Google Auth and some other LastPass 2-factor authentication methods work (Yubikey/Sesame...). In general Yubikey is considered slightly more secure than GoogleAuth, so I'm just wondering about the comparison between the Grid and the Google Authenticator App.

Sample of a 6-digit random number generated by Google Authenticator App:

For example: the phone can be lost (it can be stolen or something). In that case, isn't it true that all the pseudo-random numbers being constantly generated by the app are easily exposed to the thief? (If one uses the GoogleAuth app extensively, and if he does not protect his phone very seriously - well, doing so slows down our process to open the phone, so normally people just apply some simple pattern.)

For Grid, the normal choice is to print it out and put it in a wallet. Of course, your wallet can also be lost, but if you do not need the grid very frequently, you can keep it at a safe place at home. Not carrying the grid around reduces the chance someone might get it. This is different from the phone: you always have to carry your phone around.

So a paper-based grid may be clumsy, but from a certain perspective (as in the example above), it seems better. Now consider the "security" aspect: which one can be considered more secure (theoretically/practically) than the other, and why? Or are they just at the same level?

Edit: This guy has made a really good slide about Google Authenticator. Well, the case of a lost phone is somehow "trivial", but the seed to feed to TOTP is stored in plain-text.