Sujet : Re: Codes sent by text message
De : this (at) *nospam* ddress.is.invalid (Frank Slootweg)
Groupes : comp.mobile.androidDate : 11. Mar 2024, 22:24:43
Autres entêtes
Organisation : NOYB
Message-ID : <usnsqd.1230.1@ID-201911.user.individual.net>
References : 1 2 3 4 5 6 7 8
User-Agent : tin/1.6.2-20030910 ("Pabbay") (UNIX) (CYGWIN_NT-10.0-WOW/2.8.0(0.309/5/3) (i686)) Hamster/2.0.2.2
AJL <
noemail@none.com> wrote:
On 3/11/2024 9:50 AM, Frank Slootweg wrote:
FTR, the context is sending a code by SMS, that's 2SV (2 Step
Verification), not 2FA (2 Factor Authentication).
>
2FA is about two *factors*, knowledge and possesion.
>
2SV is about two *steps*, in this case 1) (username and) password and
2) getting/entering the code.
>
2FA is a 2SV process, because it (normally) involves 2 steps.
>
But 2SV is not a 2FA process, because it doesn't involve possesion,
you don't own/posses the code, you get the code.
FTR Professor Google says they are the same:
"With 2-Step Verification, also called two-factor authentication, you
can add an extra layer of security to your account in case your password
is stolen."
<https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop>
Who to believe? Professor Google or Professor Slootweg? Hmmmmm... ;)
Professor Google's blurb is probably intended to keep things simple.
But more to the point, *in the context* of that text - which is the
'2-Step Verification' setting of your Google Account, i.e. specific, not
generic - some of the options of the second step *are* indeed 2FA,
namely Google prompts, security keys, (AFAIK) Google Authenticator /
verification code apps and backup codes, because all these use a second
*factor*, instead of just a second *step*.
Bottom line: *In context*, you can believe *both* Professor Google
*and* Professor Slootweg.
FYI, sofar Professor Slootweg uses / has used all of the above
methods, except verification code apps.