I am looking for a new #2fa app, especially for #totp tokens. Does anyone here have experience with #2fas ( https://2fas.com/ ) and know whether it is secure and good?
Also, does anybody have a good migration path away from #andotp, since it is no longer maintained?
Thanks for all the great recommendations. For multiple reasons I am also seeking something with iOS support.
Random Website: You need to set up #2FA with your phone number!
Me: Why?
Website: In case we get hacked!
Me: I don't really care, no one even knows about this account and it doesn't have my personal information.
Website: You misunderstand, it's so that in case we get hacked, we HAVE your information to leak to the hackers. They worked hard and deserve it! Also we sell your account to ad companies but they're not interested unless they can tie it to a real person.
I received another email from #StandardBank, advising me to stop using a password to log into Internet Banking, and switch to scanning a QR code from within the Mobile App. No, Standard Bank, I'm not going to do that. Because it's stupid, and here's why:
The whole reason for me to visit Internet Banking on my computer is because I do not WANT to log into the banking app on my phone. But in order for me to use Internet Banking on my computer, they want me to open the app on my phone, log in, then navigate to the menu item for QR code scanning, and then scan the code I see on my PC monitor. At which point, I may as well use the mobile app. Which I didn't want.
Why can't they just use one of the many, many Authenticator apps, like a normal company? I'd be more than happy to open my authenticator app, find Standard Bank, and punch the code in. It's good enough for Google, Microsoft, Github....
hm. Do I spend $30 (after shipping) on another #2FA #U2F security key, but this one can store 50 #TOTP (as well as work as a standard #FIDO2 #SecurityKey) entries?
Compared to #yubico #yubikey which is $50 (before shipping) and stores only 32 TOTP.
It'd only be around $22, but it apparently ships from Switzerland?
The Two-Factor Authentication plugin that comes bundled with #NodeBB was just updated to v7.4.0. It now notifies you if your account was accessed, but the second factor challenge was not passed. If you see this notification, and it wasn't you, you just might want to change your now-compromised password!
Oft forgotten, this feature provides much needed positive reinforcement that, yeah, #2FA works!
PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.
Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.
Ugh. I wish things that required #2FA authenticator apps were required to support having multiple apps. I've been using KeySmith on KDE and I have no way to reuse my data on a second device. 🙃
2FAS is a private, free and open-source two-factor authenticator for Android and iOS, and Desktop Browsers
2FAS is an interesting app as it focusses more on privacy than Google and Microsoft’s 2FA authenticators do (we all know Google and Microsoft love to know where you log in, from where, and when). To this end, the app operates on its own and, if you choose to, ...continues
Bam, #Github is securing me: "We're reaching out to let you know that, as announced last year, we have officially begun requiring users who contribute code on GitHub.com to have two-factor authentication (2FA) enabled."
Pro:
• stored safely on protected hardware
• secret "cannot" be extracted
• can access TOTP codes from an untrusted device, e.g. if my phone's battery is empty
Con:
• backing up the secrets is "not possible"
• having a second YubiKey for redundancy is recommended, but both need to be present when setting up a new secret (or you need to store a copy of the secret somewhere else)
• only has 32 slots (but I only have 23 TOTPs atm)
I was going to mess around with Lemmy but I enabled 2FA yesterday, and somehow failed to update 1Password with the 2FA. So, I guess I've lost that account. 🤷
There were no recovery codes offered when I enabled 2FA. Sigh.
As #twilio is sunsetting their #authy desktop apps, I am wondering if there are any open source #2fa apps out there that support both desktop and mobile, maybe even Apple Watch...? Twilio still supports the mobile apps, but I don't want to get caught unprepared if they ever drop those, too.
I've activated two-factor-authentication on my #Mastodon account. That means you can be 53.42% more certain that the nonsense written here is genuine nonsense by me, and not imitation nonsense.