@statsguy So it’s really better to just be safe(r) by default, and give as little attack surface as possible. Say, if a state actor is working against you, you are certainly still in trouble, but if it’s "just" a bunch of scammers, at least you are not easy prey for them; it’ll cost them too much time/money to get to you to hope for a worthy reward.
Gabriel Pettier (tshirtman@mas.to)'s status on Wednesday, 22-May-2024 16:18:45 JST Gabriel Pettier @statsguy Personally I use freeotp+ for "one time passwords" like this, unless there is a specific app to use for the service, as this one is open source and allows me to export my config in a file to save securely somewhere, in case my phone is stolen or lost (because yes, it can be a big problem if you lose your phone).
Gabriel Pettier (tshirtman@mas.to)'s status on Wednesday, 22-May-2024 16:18:46 JST Gabriel Pettier @statsguy NP. Regarding the "need" part, that I had forgotten to answer: of course maybe not *all* apps need it, but one should not underestimate the ability to move "laterally", from gaining access to an apparently low-criticality account/app to others, by leveraging it for, say, impersonation, or digging up information that could help further attacks. Email is of course the most obvious failure point, everyone has all their secrets in it, but social accounts can be used to extort money from friends.
Gabriel Pettier (tshirtman@mas.to)'s status on Wednesday, 22-May-2024 16:18:47 JST Gabriel Pettier @statsguy SMS is widely considered insecure, yes, as it's possible to fraudulently clone a SIM card and get the SMS instead of you. An app-generated code doesn't have this issue, as they don't need communication, the code is time + key based, and if they did, they could communicate through encryption.
Adam Jacobs 🇺🇦 (statsguy@mas.to)'s status on Wednesday, 22-May-2024 16:18:47 JST Adam Jacobs 🇺🇦 @tshirtman Thanks!
Adam Jacobs 🇺🇦 (statsguy@mas.to)'s status on Wednesday, 22-May-2024 16:18:48 JST Adam Jacobs 🇺🇦 I've noticed that several websites where I've been happily using 2FA with them sending me an SMS message for years seem to want me to switch to using an authenticator app instead.
Is that really more secure? How? And if so, is that level of security realistically needed for anything a normal person might do except banking?