Suppose a hacker got my BW credentials

Selecting the strength of a password is completely a personal choice, so I don’t mean this to be critical, but I have to wonder if a 100 character password is actually significantly more secure than a 16 char unique password (i.e., one with numbers, letters of both cases, and symbols)?

And the NIST and even Microsoft recommend that it is no longer best practice to arbitrarily rotate unique passwords. Part of the reason is that modern hashing algorithms now make it too difficult to reverse engineer passwords, but that wasn’t always the case, hence the recommendation to rotate passwords frequently.

Some helpful sources:

So your phone would need to be in range for auth to work, even if you don’t need to scan a QR code each time or read the code off your phone screen?

My bank sends the 2FA code to my email. AFAIK my phone is not part of the equation.

With the Authy Desktop App, no phone is needed to use Authy.

To your question “So your phone would need to be in range for auth to work . . .?” (if “auth” = Authy), the answer is no.
