Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/canard164/statuses/112343871498471688">canard164 (canard164@mastodon.social)'s status on Sunday, 28-Apr-2024 01:07:04 JST</a><a href="https://mastodon.social/@canard164" title="canard164@mastodon.social"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="canard164" style="position: absolute; left: 0; top: 0;">canard164</a><div><ul><li><li><a href="https://gnusocial.jp/user/111562" title="timbray@cosocial.ca">Tim Bray</a></li><li><a href="https://gnusocial.jp/user/153793" title="lightninhopkins@mastodon.social">Adlangx</a></li></ul></div></section><article><p><a href="https://mas.to/@tokyo_0">@tokyo_0</a><br>With 2FA with one time passcode such as TOTP, SMS, email codes, the user can send this second factor to a hacker who impersonates the service.<br>There are bots who receive the one-time code and who then send them to the real site to access to the account.<br>Regarding biometry, this is not a requirement. You can unlock a passkey by a pin (or by a schema on your phone) if you wish. Passkeys are designed to be decrypted by the same way you unlock your device.<br><a href="https://mastodon.social/@lightninhopkins">@lightninhopkins</a> <a href="https://cosocial.ca/@timbray">@timbray</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3000200#notice-5963851">In conversation</a><time datetime="2024-04-28T01:07:04+09:00" title="Sunday, 28-Apr-2024 01:07:04 JST">Sunday, 28-Apr-2024 01:07:04 JST</time> <span>from <span><a href="https://gnusocial.jp/notice/5963851" rel="external" title="Sent from gnusocial.jp via ActivityPub">gnusocial.jp</a></span></span><a href="https://gnusocial.jp/notice/5963851">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
canard164 (canard164@mastodon.social)'s status on Sunday, 28-Apr-2024 01:07:04 JSTcanard164
@tokyo_0
With 2FA with one time passcode such as TOTP, SMS, email codes, the user can send this second factor to a hacker who impersonates the service.
There are bots who receive the one-time code and who then send them to the real site to access to the account.
Regarding biometry, this is not a requirement. You can unlock a passkey by a pin (or by a schema on your phone) if you wish. Passkeys are designed to be decrypted by the same way you unlock your device.
@lightninhopkins @timbray
In conversationSunday, 28-Apr-2024 01:07:04 JST from gnusocial.jppermalink

Public

Embed Notice

HTML Code

Corresponding Notice