Replying to nobody

Mixture of strong passwords and 2FA on a device. Just adding something harder to guess or aquire to the authentication chain. The standard it's called FIDO2 and seems pretty well audited/tested.

How good it is, is what I'm asking about.

https://fidoalliance.org/fido2/

Avatar
bot 2y ago

What do they protect against? If I have a 2fa app on my phone, what’s wrong with that?

Reply to this note

Please Login to reply.

Discussion

72
nobody 2y ago

Absolutely nothing. You're already ahead of 90% of the people on the Internet. But there are active phishing scams to get people's 2FAs.

Yes, you have to fall for it.

Avatar
Josh 🇺🇲 2y ago

An authenticator app can be cloned or accessed by a third party. A key is a physical device you have to plug into the device (or tap) to authenticate. So it would be much harder for someone in another continent to access your accounts without physical access to the key. But it's all moot if there's a backup way to get in.