Wish-It-Was Two-Factor Security

[Thorin]

Some (most?) of us on here are in IT, whether developer or network admin or system admin, or something.  Have you ever wondered why we get asked security questions now, or whether they're any use?  I was surprised to find background info about this on DailyWTF, of all places:

http://thedailywtf.com/Articles/Wi@%&#Was-TwoFactor-.aspx

Which just reminds me that security is incredibly easy to get wrong, as it only takes one weak link to make the security chain break. "One way to do it right, ninety-nine ways to do it wrong".

[Darren Dirt]

180+ comments, and one of the very earliest of them nailed it:

"Just put a post-it on the monitor!! DUH!"

aka "this kind of isn't-really-2-factor authentication encourages non-techies to just do what you are trying to prevent in the first place!" lol

[Thorin]

It's interesting to read what some banks in Europe do.  For instance, sending a text message to your mobile for each transaction you want to do.  As one poster said, it's much harder to spoof your mobile...

[Lazybones]

I just get Bad Request (Invalid URL) with that link

Ha it didin't like wish it was

[Lazybones]

At most it is brute force protection, but honestly how hard are most of those to guess or google?

[Thorin]

I just get Bad Request (Invalid URL) with that link

Ha it didin't like wish it was

Huh?  Oh, blocked at work or something?

[Lazybones]

I just get Bad Request (Invalid URL) with that link

Ha it didin't like wish it was

Huh?  Oh, blocked at work or something?

No the forum swear filter replaced the characters.