Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> it won't protect you from someone stealing your phone and opening your authenticator to login to your account

Why do they (and your malicious ex) know the other half needed to login - your password?



They don't need to know it. To reset your Google password you need your backup email account (Facebook / Work email ) or your telephone number or text. All of these are almost invariably accessible without further authentication via your phone. The protection that 2-factor authentication adds doesn't apply in the event that someone has the second factor. We're talking about the incremental improvement rather than the protection granted by your password.


Yeah, I'm sorry...I understand the parent post's rants, but to even bring up this scenario is absurd. If your nemesis knows your password, then you've royally screwed up, nevermind the problem with her having your phone.

Also, does the parent-commenter mistakenly believe that the authenticator code is all that's needed to log into an account? But maybe that underscores his point that the whole system may be overwhelming to the average user.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: