Counter Intuitive 2 Factor Authentication

I really don't see the point of this feature. I have disabled 2 FA for Bitdefender. Yet, when I lost my phone and wanted to log in to my account via a stranger's phone, it prompted for a code sent to my email. And my Gmail requires 2 FA as well. Like, what's the point of 2 FA for Bitdefender? Leave that feature to the email company.

How do I really disable 2 FA permanently in Bitdefender? I tried the instructions on the support page but that's a fluke

Comments

  • Hello,

    The point is, with 2-FA enabled, your Central account can only be accessed on devices you trust. Each time you sign in to your Central from a new device, your password and a verification code will be required. This way you will prevent account takeover and keep away types of cyberattacks, such as keyloggers, brute-force, or dictionary attacks. You can also use an authenticator app to generate a code each time you want to sign in to your Central account. If you would like to use an authenticator app, but you are not sure what to choose, a list of recommended apps is available. Simply select USE AUTHENTICATOR APP to start. To sign in on an Android or iOS-based device, use your device to scan the QR code. To sign in on a laptop or computer, you can manually add the displayed code.

    If you don’t want to enter a 2-Factor Authentication code every time you sign in to your Bitdefender Central account, you can mark your device as trusted. You can sign in from trusted devices without using 2-Factor Authentication.

    Now, I can elaborate on the numerous reasons why you should use this additional security layer for your account. 2FA has become imperative in today’s digital world, and authenticator apps have the edge because they provide stronger safeguards against threat actors looking to hack into your online accounts. Threat actors will use data leaks, public records or social engineering to gain access to accounts and steal personal data which they can later sell or use in phishing attacks and impersonations. And they will exploit any possible vulnerability to hack any account they can get their hands on, no matter if there's a person or a company involved.

    Authenticator apps work locally, meaning there’s no way for an attacker to intercept your codes – unless they’ve infected you with data-stealing malware, but that’s a different discussion. An authenticator app will show a clear countdown timer for your codes and will generate new ones when the time expires, making it hard for anyone to intercept those codes without access to your phone. Most importantly, authenticator apps exhibit none of the weaknesses of SMS 2FA, for example.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • Thanks for the clarity, but I'm a nobody and I do not need it.

    Just to cut it short, I disabled 2-FA in Bitdefender but was left frustrated when Bitdefender still prompted for 2-FA when I tried to log in from a friend's phone. Then it gets sent to my Gmail, which also requires a 2FA by call.

    Super counter-intuitive for an internet security company to apply 2 FA when users need to locate their lost phone urgently

  • Alexandru_BD admin
    edited January 30

    @AGy I understand your frustration. Did you manage to find your phone afterwards? You previously disabled 2FA from here, right?

    I think it's possible that 2FA is still requested IF a login is detected from an unknown device, despite the fact it was previously disabled. This is called "enforced 2FA" and it's like traction control on some newer cars, you can't turn it off completely. 😄 But the preference should be kept when logging in from trusted devices you previously used.
    Only the Support teams can disable this backup 2FA, should you no longer require this.

    And this is exactly what bad actors prey on - "I'm nobody and they have nothing to steal from me". Well, to break this bubble, this is how people end up losing personal data, account credentials and get phishing emails and spam, or worse...

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • Yes, that is the page where I disabled 2FA. I'll reach out to the support team for this. Thanks