Readers
Weigh InYOUR COMMENTSREADER INPUT
TWO-FACTOR AUTHENTICATION
Hi Neil
I have read your columns for years, and they are
great. The 2FA [two-factor authentication] issue is
confusing for the layman. In order to avoid getting
locked out if one’s phone is lost, is Authy the best
option? And regarding password managers, Is
LastPass more secure than Dashlane regarding
handling and transmitting of password
information?
—Jeremy BearmanNEIL'S ANSWER
All the 2FA systems have some kind of backup
built in; you just have to use it. For example, with
Yubikey or other FIDO-compliant keys, you can
associate more than one physical key with your
accounts. Keep one in your pocket, one in a
lockbox, for example. With some SMS-based
systems (they send you a text with an unlock code)
you can fall back on receiving a code by email.
With Google Authenticator (and work-alikes such
as Authy and Duo) you can associate more than
one phone, or sign in from a trusted computer to
FKDQJHWRDGL̆HUHQWSKRQH7KHUHDUHRSWLRQVYou ask about LastPass versus Dashlane; there’s
QRWDORWRIGL̆HUHQFH7KHRQHZD\/DVW3DVVODJV
is that it does not yet support the FIDO U2A
standard (backed by Google, Microsoft, and a host
of others). So that might give Dashlane an edge.
Overall, Keeper seems the most focused on
security. Keeper is what I use.
—Neil J. RubenkingThis month, we’ve got
a couple of reader
letters to share.