I see that Telus is now sending emails out about proper password security for our accounts. They state that a minimum of 8 characters is best, as well as being complex, so a mix of upper/lower case, symbols and numbers. As a security professional, I find these kinds of statements to be sort of error prone. Passwords these days need to be a minimum of 12 characters as anything less than 12 can now be cracked in less than 1.5 hours. Rainbow tables of 8 characters or less can fit on a small thumb drive. For those not knowing, a rainbow table is a table of every combination of letters, number and symbols that can be created, so in essence every password conceivable. 8 character passwords can be cracked in less than 40 minutes now on modern hardware. So aside from giving bad advice in their recent email, does anyone know if Telus has plans to start using MFA (Multifactor Authentication) or 2FA as it's known in some circles? I'd love to protect my account with an Authenticator which changes a 6 digit or higher number every minute to go along with our password. It would go a very long way to implement this level of authentication and make our account quite a bit more secure.


More... (https://forum.telus.com/t5/Internet-TV-Home-Phone/Multifactor-Authentication/m-p/94863#M20576)