NameHero® Blog

Why I Don’t Use Two Factor Authentication

Bhagwad Park

Published on: January 21, 2021

Categories: Website Security

This is going to be a controversial opinion. I’ve written a lot about website security on NameHero, and best practices for both shared and VPS hosting. So you might think that one of the first things I do is to enable two-factor authentication or 2FA wherever I can. NameHero itself offers the ability to enable 2FA – here’s a tutorial on getting 2FA to work. However, even though I’ve been tempted by the idea of 2FA and have explored many different ways to get it to work, I’ve never fully bought into the idea. Something has always held me back. I do use 2FA in a sort of modified form with my password manager, but it doesn’t go all the way.

Here’s why.

2FA Always Assumes Best Circumstances

My nightmare scenario with 2FA is the following. I’m traveling abroad and I get robbed. I lose my phone, and my wallet. I desperately need to log in to important accounts like my bank, my e-mail, etc. But because I’ve lost everything, I no longer have my second 2FA device with me! I’ve lost the backup codes they give you in case of emergencies. I’m stuck. Badly.

Of course, there are many other secondary scenarios which, while not quite as bad, can be pretty inconvenient. I lose my other form of 2FA, and it takes weeks to re-enable access to my account. Apple is notorious for this. And in some situations, you simply lose your entire account, including all the stuff you purchased with them.

The problem with 2FA is that it doesn’t prepare you for the worst. It assumes you’re comfortably ensconced in your daily environment, with your systems set up alongside you with ready access to your backup codes and a secure Internet connection. And while this is true most of the time, if the worst scenario ever does come to pass, the consequences can be potentially ruinous.

Consequences for a Website

For a website, the outcome can be dire. Luckily, you can disable 2FA while logged in via SSH if you’ve already set it up. But if you haven’t gotten around to it yet, the situation can get very messy. You have to hope that your hosting provider will be able to intercede in some manner. It’s a scary situation!

SMS is Unreliable and Insecure

To make matters worse, the most common form of 2FA is still SMS. Let’s leave aside the fact that you might lose access to your phone, and hence won’t be able to receive the code. The problem is that SMS itself is unencrypted! That means it’s available for anyone who can access the line to intercept the authentication code. No less a website than Reddit was once hacked because they relied on 2FA via SMS. If it can happen to them, it can happen to you.

A Strong Password is Your Best Defense

I’m a big fan of creating high-entropy passwords in conjunction with a password manager. These are impossible to crack, and if the password manager automatically fills your password into web forms, there’s no danger if you accidentally fall for a phishing attack because the password manager will detect the fake domain name.
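The domain check mentioned above, as an added sketch (not code from this post or from any real password manager): autofill is decided by comparing the page's parsed host and scheme with the saved origin, so a URL that only looks right gets nothing filled in. The vault layout, the function names and every domain below are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed vault: one saved login, keyed by the exact host it was saved on.
VAULT = {"hosting.example": {"scheme": "https", "username": "alice"}}

def autofill_decision(page_url, vault=VAULT):
    """Return (fill, reason) for a login form served from page_url."""
    parts = urlsplit(page_url)
    # .hostname drops any "user@" prefix and ":port" suffix and lower-cases
    # the host, so the comparison is made on the host the browser really
    # connects to, not on what the URL looks like at a glance.
    host = (parts.hostname or "").rstrip(".")
    entry = vault.get(host)
    if entry is None:
        return False, "no saved login for host %r" % host
    if parts.scheme != entry["scheme"]:
        return False, "scheme %r differs from saved origin" % parts.scheme
    return True, "exact origin match, fill as %s" % entry["username"]

# Constructed sample URLs: one genuine page and four that merely resemble it.
SAMPLES = [
    "https://HOSTING.example:443/login",       # genuine, odd case and port
    "https://hosting-example.test/login",      # lookalike name
    "https://hosting.example.evil.test/login", # real name used as subdomain
    "https://hosting.example@evil.test/login", # real name in userinfo part
    "http://hosting.example/login",            # right host, plaintext scheme
]

def evaluate(urls=SAMPLES):
    """Map each URL to its autofill decision."""
    return {u: autofill_decision(u) for u in urls}

if __name__ == "__main__":
    for url, (fill, reason) in evaluate().items():
        print("FILL " if fill else "BLOCK", url, "->", reason)
```

This sketch matches hosts exactly; managers that also fill on related subdomains need a public-suffix list to do so safely, which is outside what is shown here.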

Ultimately, the only thing you have with you at all times is your mind. And your password is stored inside. Someone can rob you and strip you of all your belongings, but as long as your mind is functional, you will always be able to access important stuff. 2FA brings another layer of security that relies on something you have instead of something you know. The problem is that something you have can always be taken away from you.

And that scares me.

Bhagwad Park

I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
