1. SPS Accounts:
    Do you find yourself coming back time after time? Do you appreciate the ongoing hard work to keep this community focused and successful in its mission? Please consider supporting us by upgrading to an SPS Account. Besides the warm and fuzzy feeling that comes from supporting a good cause, you'll also get a significant number of ever-expanding perks and benefits on the site and the forums. Click here to find out more.
    Dismiss Notice
Dismiss Notice
You are currently viewing Boards o' Magick as a guest, but you can register an account here. Registration is fast, easy and free. Once registered you will have access to search the forums, create and respond to threads, PM other members, upload screenshots and access many other features unavailable to guests.

BoM cultivates a friendly and welcoming atmosphere. We have been aiming for quality over quantity with our forums from their inception, and believe that this distinction is truly tangible and valued by our members. We'd love to have you join us today!

(If you have any problems with the registration process or your account login, please contact us. If you've forgotten your username or password, click here.)

Is the push for 2FA really about security?

Discussion in 'Techno-Magic' started by SlickRCBD, Feb 25, 2025 at 6:40 PM.

  1. SlickRCBD Gems: 29/31
    Latest gem: Glittering Beljuril

     Resourceful Adored Veteran

    Joined:
    May 7, 2005
    Messages:
    3,251
    Media:
    47
    Likes Received:
    192
    Gender:
    Male
    Remove all ads!
    I noticed an interesting coincidence.
    The push for 2-factor-authentication came about around the same time Chrome, Firefox, and other browsers started restricting 3rd party cookies.
    Also most of the sites require a cell phone number, rather than a number of other options for 2FA.

    I have to wonder if this concern about password security is really about security, or obtaining a unique identifier (the phone number) that they can use to track you and can be used to compile data on interests for advertising data now that the 3rd party cookies are being blocked. They don't need or care about your name, just that this web entity with this phone number visits these sites and sells it to data miners for various purposes.
     
    SlickRCBD, Feb 25, 2025 at 6:40 PM
    #1
  2. Taluntain

    Taluntain Resident Alpha and Omega Staff Member ★ SPS Account Holder Resourceful Adored Veteran Pillars of Eternity SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) New Server Contributor [2012] (for helping Sorcerer's Place lease a new, more powerful server!) Torment: Tides of Numenera SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) BoM XenForo Migration Contributor [2015] (for helping support the migration to new forum software!)

    Joined:
    Jun 11, 2000
    Messages:
    23,690
    Media:
    494
    Likes Received:
    579
    Gender:
    Male
    2FA and advertising are not normally linked in any way. Also, data collection is under a number of strict rules at this point, so no legitimate website could just use phone numbers for a purpose other than stated. Note, phone numbers usually aren't used or stored by the websites themselves, but by some of the 2FA apps, e.g. Authy.

    Also, setting up 2FA with a phone number / cell phone usually isn't the only way to do it, but it's often the most convenient and reliable. I've had to turn on 2FA for all logins on the Codex about 2 years back as we've had a number of incidents where people's forum logins were exploited (as they used the same login details on other, hacked sites) and the attackers then initiated mass post/thread deletion and editing sprees, which caused a number of issues and wasted our time constantly doing cleanup.
     
    Taluntain, Feb 27, 2025 at 2:08 AM
    #2

  3. Keneth Gems: 29/31
    Latest gem: Glittering Beljuril

     ★ SPS Account Holder Resourceful Adored Veteran

    Joined:
    Jul 22, 2002
    Messages:
    3,186
    Media:
    143
    Likes Received:
    237
    Gender:
    Male
    As someone who designs services with 2FA, I can tell you that there's no connection between the two, at least not on any mainstream service. Also, most of us prefer not to use SMS as the primary means of providing 2FA for our customers because it's notoriously unreliable. The fact that browsers started blocking 3rd party cookies and websites started pushing for 2FA stems from the same privacy/security concerns, which is why they both coincidentally appeared at a similar time.
     
    Keneth, Feb 27, 2025 at 8:39 AM
    #3
  4. Sorvo

    Sorvo Where's the nearest pub? Distinguished Member ★ SPS Account Holder Adored Veteran

    Joined:
    Sep 4, 2001
    Messages:
    2,063
    Media:
    5
    Likes Received:
    101
    Gender:
    Male
    Glad I'm not the only crazy thinker out there :p :beer:
     
    Sorvo, Feb 27, 2025 at 8:43 AM
    #4

  5. Keneth Gems: 29/31
    Latest gem: Glittering Beljuril

     ★ SPS Account Holder Resourceful Adored Veteran

    Joined:
    Jul 22, 2002
    Messages:
    3,186
    Media:
    143
    Likes Received:
    237
    Gender:
    Male
    Corpos selling your personal info is an actual thing though. :shake:
     
    Keneth, Feb 27, 2025 at 8:48 AM
    #5
Sorcerer's Place is a project run entirely by fans and for fans. Maintaining Sorcerer's Place and a stable environment for all our hosted sites requires a substantial amount of our time and funds on a regular basis, so please consider supporting us to keep the site up & running smoothly. Thank you!

Sorcerers.net is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to products on amazon.com, amazon.ca and amazon.co.uk. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.