There are limits to 2FA and it can be near-crippling to your digital life


A video demonstration of the vulnerability here, using a temporary password. (credit: Kapil Haresh) This piece first appeared on Medium and is republished here with the permission of the author. It reveals a limitation in the way Apple approaches 2FA, which is most likely a deliberate decision. Apple engineers probably recognize that someone who loses their phone won’t be able to wipe data if 2FA is enforced, and this story is a good reminder of the pitfalls. As a graduate student studying  cryptography, security and privacy (CrySP ), software engineering and human-computer interaction , I’ve learned a thing or two about security. Yet a couple of days back, I watched my entire digital life get violated and nearly wiped off the face of the Earth. That sounds like a bit of an exaggeration, but honestly it pretty much felt like that. Here’s the timeline of a cyber-attack I recently faced on Sunday, July 23, 2016 (all times are in Eastern Standard): That’s a pretty incidence matrix (credit: Kapil Haresh) 3:36pm— I was scribbling out an incidence matrix for a perfect hash family table on the whiteboard, explaining how the incidence matrix should be built to my friends. Ironically, this was a cryptography assignment for multicast encryption. Everything seemed fine until a rather odd sound started playing on my iPhone. I was pretty sure it was on silent, but I was quite surprised to see that it said “Find My iPhone Alert” on the lock screen. That was odd. Read 20 remaining paragraphs | Comments

View post:
There are limits to 2FA and it can be near-crippling to your digital life


Please enter your comment!
Please enter your name here


This site uses Akismet to reduce spam. Learn how your comment data is processed.