@horse @ASCIInaut to be clear, I also have a ton of "low stake" 2FAs in my password manager because too many services are unreasonable re: 2FA and it's easier to go with the flow.
I just wish it wasn't needed.
@horse @ASCIInaut to be clear, I also have a ton of "low stake" 2FAs in my password manager because too many services are unreasonable re: 2FA and it's easier to go with the flow.
I just wish it wasn't needed.
@horse @ASCIInaut (unreasonably deadpan here) ah but social media is what we make of it ourselves!
What if we actually used it to spread the nuance that comes with concept like threat model, and discuss how to explain reasonable people when sites insist on terrible practices due to bandwagons rather than thought out security considerations?
@horse @ASCIInaut that's literally the one case I explicitly call "Security Fiction" in this context.
Read the post before passing judgement, next time?
@horse @ASCIInaut please read the post, I do indeed talk about thread models.
For those people there's no need for 2FA at all at that point, the password manager is already a suitable defence.
@grumpygamer email 2FA should work better than SMS, but password manager TOTP would just make it "security fiction" for what it's worth.
https://flameeyes.blog/2021/11/30/2fa-totp-keys-and-password-managers/
C-list Blogger Since 2004.Systems Mechanic, Conference Wannabe. Hot chili, mild takes.he/him || they/them
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.