Leave a legacy.

u2f to protect personal data on My giffgaff with 2-step ("2 factor") authentication option for My giffgaff logins

By: timsmall | 03-12-2015 19:54

There's a lot of personal data on My giffgaff which members need to keep secure.

Companies like Google, Dropbox, Github (soon PayPal, EBay, Visa, Mastercard, Microsoft and others) support the excellent "FIDO u2f" standard so that users can opt-in to secure logins to their websites.

See this example video for how it works:  https://www.youtube.com/watch?v=EVx3QkJ8_J0

... since it was made, Microsoft and Firefox have announced upcoming support in their browsers too.

You can buy the USB keys from many different manufacturers from about £5 (some also work with NFC for tablet and phones without plugging in), and use each key with multiple sites (without compromising privacy).

Google, Dropbox, Github all allow users to add these to their account, and require their use either for every login, or just for the first login from a particular computer.

I've been using one for a couple of weeks now, and I think they're great!  Google have reported a more than 75% reduction in unauthorised access to accounts (e.g. via malware etc.) for users who use them.

Comments

by: erisds
on: 10-04-2019 13:21

I keep being told by Giffgaff support that I have to comment here if I want to be heard, so here I am.

It is absolutely imperative that Giffgaff adds second or multi-factor authentication on their online accounts immediately. There are now at least 7 ideas that cover this:

https://labs.giffgaff.com/idea/16713916/2-factor-authentication

https://labs.giffgaff.com/idea/16712158/allow-users-to-secure-their-accounts-with-2-factor-authentication-2fa

https://labs.giffgaff.com/idea/16701487/u2f-to-protect-personal-data-on-my-giffgaff-with-2-step-2-factor-authentication-option-for-my-giffgaff-logins

https://labs.giffgaff.com/idea/16712363/require-2-factor-authentication-to-sign-up-for-payforit-texts

https://labs.giffgaff.com/idea/16707920

https://labs.giffgaff.com/idea/16703325

Many of these are over 4 years old. It's very clear that no one reads or moderates this board.

That's fine - it's up to you to choose whether to moderate the board, but if you're not going then your agents need to stop telling people to raise ideas for things that have been open for 4 years already and be honest about the fact that no one cares what's written here.

by: nickyheywood
on: 25-01-2019 00:57

good idea

by: adamtheant
on: 20-07-2018 21:02

sounds good

by: adamtheant
on: 30-12-2018 17:06

As it's a good idea

by: mikejonesey4
on: 07-08-2016 20:28

or OATH-TOTP, (u2f is not supported on all browsers nativley yet...)

by: leshin
on: 02-08-2016 16:30

Good if giffgaff can it. Giffgaff isn't a big tech company 

by: davidmcdavid
on: 04-12-2015 10:33

Great idea!! 

by: jaycat
on: 03-12-2015 22:23

I've just viewed the video, not having heard about this before, & it's certainly of interest to me.  So thanks for drawing this to my attention, and on that basis, I'm supporting the idea.