So, for GA, my private key is private to me (it isn't shown ever again, or sent to the bank or company). And, I can't use a stolen private key for one account and access other accounts!! Symantec seems to support this (there is a "+" to create accounts for each bank or company). But, again, you are the only one that has the private key!!

If you have the private code saved off, you can use it on your new phone to set up GA again on that new phone (I've had to move phones before and went through this process for all of my accounts). If you have to move phones, and you don't have your private key, you have to manually call and provide proof to that company that you are who you are to disable 2FA and then you can set it up again on the new phone. For GA you are required to save the private key off and it is only ever shown at the time that the 2FA link is created.

So, that bank or company never gets your "private" key (or in this case "confidential id"). This code is only known to you (I believe it is generated from a code provided by the bank or company you are setting up 2FA with). It requires you to get a number code or use a QR code (which represents the same number) to initialize a new account for each bank or company.

Google Authenticator does NOT work in this same way. So, seems likely that "confidential id" is how to do it for Symantec. And, for Google Authenticator it's the private key that allows you to move to a new phone. But, they likely have to allow you to move to a new phone somehow.

If someone is able to take a picture of your "credential id" on your phone, they can likely just initialize that same Symantec app on their own phone and then they are able to generate codes just like your phone. I'm not really sure that it's that difficult to "spoof". How is this not a security disaster waiting to happen? Am I missing something obvious?
There's still the other possibility where one of the sites stores your credential ID locally and gets compromised.