Jump to content

LastPass users warned their master passwords are compromised

securitybreach

By securitybreach
in Security & Networking

 Share

Recommended Posts

Bookmem

Bookmem

Posted
Posted

I like the method my bank uses.  It doesn't require 2FA each time I login, but it does check the MAC address of the computer.  If the computer isn't "registered", then it uses 2FA.  Since I only use one of my desktops for banking, and not any of my other devices, then this isn't a problem.

  • +1 1
Link to comment
Share on other sites
securitybreach

securitybreach

Posted
  • Author
Posted
1 minute ago, Bookmem said:

I like the method my bank uses.  It doesn't require 2FA each time I login, but it does check the MAC address of the computer.  If the computer isn't "registered", then it uses 2FA.  Since I only use one of my desktops for banking, and not any of my other devices, then this isn't a problem.

 

That's cool but at the same time, it's not hard to spoof a MAC address. You would need to be targeted specifically but there is a chance..

Link to comment
Share on other sites
Bookmem

Bookmem

Posted
Posted
2 minutes ago, securitybreach said:

 

That's cool but at the same time, it's not hard to spoof a MAC address. You would need to be targeted specifically but there is a chance..

Nah.  I'm an 82yr old living on SS, so I'm a highly unlikely target.  And I live in a 400 unit apt bldg, so picking out my "network traffic" from the dozens of others in the bldg, would be next to impossible.

Link to comment
Share on other sites
Digerati

Digerati

Posted
Posted
6 minutes ago, Bookmem said:

I like the method my bank uses.  It doesn't require 2FA each time I login, but it does check the MAC address of the computer.  If the computer isn't "registered", then it uses 2FA. 

 

That's not how it works or what they are doing. For starters, NO WAY can your bank (or any website) see the MAC address of your computer under any circumstances. The MAC address is used to identify your computer's NIC on your local network. That information is not sent upstream. Even your ISP cannot see your computer's MAC. The ISP can see your gateway device (typically the modem), but not the MAC addresses of the devices connected to your modem. There is even another barrier if using a router - and odds are, you are.  

 

What is happening is when you log into your bank, a "cookie" is saved on your computer. Then, next time you log in, your browser looks for that cookie. If found, you get logged in without using 2FA ("IF" that cookie has not expired). If no cookie found, you have to use 2FA again. 

  • Agree 1
Link to comment
Share on other sites
crp

crp

Posted
Posted
11 hours ago, Bookmem said:

I like the method my bank uses.  It doesn't require 2FA each time I login, but it does check the MAC address of the computer.  If the computer isn't "registered", then it uses 2FA.  Since I only use one of my desktops for banking, and not any of my other devices, then this isn't a problem.

Does your bank allow for using a VPN ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...