I get in Safety Dashboard a "security problem" for one of the passwords on a site I use.
This site only allows passwords consisting maximum 5 digits.
I get a notification that the used password of 5 digits is a weak password. I agree it's not a very secure password IF it's the only password to get acces to this site.
But this site uses a 2 factor authenthication!
To get acces to that specific site you have to:
- First enter your e-mailadres (as user of the site) and a code ("password") of 5 digits.
- Then, when both are correct, you get by sms a second security code that you also have to enter on your pc.
- And only when this second code is correct, then you get acces to the site.
So you still need a second code which you only can recieve by sms on the cellphone you registered when you made your account.
Even when someone would know my first code of 5 digits and my e-mailadres, he or she still can't get acces to the site, because they can't get het second code.
I will receive this code on my cellphone. When I'm not trying to log in, I know at that time someone tried to get acces. So I can and will change my first code.
I think a 2 step verification is as safe as a long and strong single password.
I would like to have the possibility in Norton Password Manager to "register" the use of a 2 step verification system, when used on certain sites.
So that even short (first) passwords or codes are no longer indicated as a "security problem" in the Safety Dashboard when a 2 factor authentication is used.