I don't get why so many people still think SMS 2FA is more secure than App 2FA.
One involves receiving a magic code from an external source, which nearly anyone can read given the right tools (intercepting SMS...), the other involves using a local generation method using a secret key only shown once before, and without any way to guess the code at time t without having the secret key.
Soblow Xaselgio :dragn_heart: (soblow@eldritch.cafe)'s status on Sunday, 15-Sep-2024 15:45:12 JST
Haelwenn /элвэн/ :triskell: likes this.
Soblow Xaselgio :dragn_heart: (soblow@eldritch.cafe)'s status on Sunday, 15-Sep-2024 15:45:22 JST:
"What if someone compromises my smartphone?"
They'd have access to your SMS anyway?
"I'm not using a smartphone, but a regular phone similar to a Nokia 3310"
You're a statistical outlier and should be ignored :grr:
Haelwenn /элвэн/ :triskell: likes this.
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Sunday, 15-Sep-2024 15:47:42 JST:
@Soblow Well people using a feature phone can just have the 2FA on their computer, still much more secure than passwords (which can be sniffed, or end up in logs/coredumps/…).