Conversation

Notices

1. Embed this notice
   Micr0byte (micr0@fuzzies.wtf)'s status on Saturday, 07-Dec-2024 03:30:29 JST Micr0byte

   2FA over SMS or phone call is the worst thing to exist

   • prettygood likes this.
   • Embed this notice
     prettygood (prettygood@socially.drinkingatmy.computer)'s status on Saturday, 07-Dec-2024 03:30:59 JST prettygood

     in reply to
     @micr0 SMS IS NOT 2FA. I've been beating this drum for at least eight years, people are finally, FINALLY starting to listen.
   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Saturday, 07-Dec-2024 03:31:41 JST SuperDicq

     in reply to

     @micr0@fuzzies.wtf I use KDE Connect so I can copy paste SMS 2FA straight from my phone.
     
     I think email is a better solution tho.

     prettygood likes this.
   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Saturday, 07-Dec-2024 03:31:46 JST SuperDicq

     in reply to

     @micr0@fuzzies.wtf Or you know, just TOTP

     prettygood likes this.
   • Embed this notice
     prettygood (prettygood@socially.drinkingatmy.computer)'s status on Saturday, 07-Dec-2024 03:34:05 JST prettygood

     in reply to

     • SuperDicq
     @SuperDicq @micr0 please god yes more TOTP support. It isn't perfect and I know this but it is leagues ahead of SMS, or email verification, or many other options.
   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Saturday, 07-Dec-2024 03:35:54 JST SuperDicq

     in reply to

     @micr0@fuzzies.wtf When the email 2FA code gets sent to the email address that uses the exact same password as the site you singed up for :thumbsupkonata:

   • Embed this notice
     Micr0byte (micr0@fuzzies.wtf)'s status on Saturday, 07-Dec-2024 03:35:55 JST Micr0byte

     in reply to

     • SuperDicq

     @SuperDicq TOTP or a hardware key is the only true way to do it in my opinion

     SMS is not secure at all

     email is eh, but its barley 2FA at that point

   • Embed this notice
     Micr0byte (micr0@fuzzies.wtf)'s status on Saturday, 07-Dec-2024 03:36:08 JST Micr0byte

     in reply to

     • SuperDicq
     • prettygood

     @prettygood @SuperDicq the worst services are those who support TOTP but then FORCE a single app, like DUO for example, TOTP exist you do not need some proprietary crap implementation for it

     prettygood likes this.
   • Embed this notice
     prettygood (prettygood@socially.drinkingatmy.computer)'s status on Saturday, 07-Dec-2024 03:36:25 JST prettygood

     in reply to

     • SuperDicq
     @micr0 @SuperDicq STEAAAAAAAAAAAAAAAAAM valve you are smart, why the hell do you do this?
   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Saturday, 07-Dec-2024 03:36:47 JST SuperDicq

     in reply to

     • prettygood

     @prettygood@socially.drinkingatmy.computer @micr0@fuzzies.wtf Probably money

   • Embed this notice
     Micr0byte (micr0@fuzzies.wtf)'s status on Saturday, 07-Dec-2024 03:37:10 JST Micr0byte

     in reply to

     • SuperDicq
     • prettygood

     @prettygood @SuperDicq yep steam too, its annoying af

     prettygood likes this.
   • Embed this notice
     prettygood (prettygood@socially.drinkingatmy.computer)'s status on Saturday, 07-Dec-2024 03:40:19 JST prettygood

     in reply to

     • SuperDicq
     @SuperDicq @micr0 at least my email account is secured with TOTP, I guess?
   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Saturday, 07-Dec-2024 03:40:50 JST SuperDicq

     in reply to

     • prettygood

     @prettygood@socially.drinkingatmy.computer @micr0@fuzzies.wtf So essentially what you're saying any 2FA email code is actually a TOTP code

   • Embed this notice
     prettygood (prettygood@socially.drinkingatmy.computer)'s status on Saturday, 07-Dec-2024 03:41:42 JST prettygood

     in reply to

     • SuperDicq
     @SuperDicq @micr0 no because I have to use separate passwords for IMAP/SMTP because they haven't implemented OAuth 😩