Question on DNotes vault update: Do you consider two-factor authentication via SMS? I guess that there are a lot of people who cannot (are not able to) use QR codes.
Hi AlCamus, we hadn't considered using SMS authentication at this time. The current 2FA uses Google Authenticator, where the user can either scan the QR code or enter the written code into the Google Authenticator app. We would certainly be interested to find out if there are users who are unable to use this form of 2FA. My guess is that the phone would not be a smartphone?
Where 2FA is used to add another factor of certainty that the user has access rights, SMS can be useful. But using SMS to enable password reset is a great risk because you are relying on the phone's security, and on the service provider refusing to transfer the number to a different SIM without sufficient authorisation.
It is like that crazy scheme of protecting your account with a password that contains very high entropy, but if the 'user' forgets it, they can then gain access to the account with simple questions that can be answered by searching their Facebook account. Poorly implemented 2FA can reduce security instead of increasing it. DNotes Global Inc. always do their research and never rush into untested solutions, so I'm sure they'll get this right.