2FA #asknostr
I don't like 2FAs where they send an sms, because this way my phone number gets into many databases and the chances are higher that it leaks.
I prefer more TOTP apps.
What is your opinion Anon?
#nostr
Discussion
Don’t use sms 2fa
Yes
I disable sms 2FA wherever possible because it provides an attack vector to my accounts via sim swap. Garbage security model that should not be the standard
Same here. Why give my number? It's just more data that is spread around.
Either OTP or no 2fa at all. Having secure and long passwords is a must though.
Same
You shouldn't use SMS for the simple reason that if you get sim swapped, you're cooked. Your primary reason would be a far, far secondary for me.
But yeah, I prefer to use an authenticator app over any other methods. There are still a lot of old companies out there like my mortgage lender that still send emails.
it's pretty sad that regular google specified "OTP" 2fa is based on MD5 tho lol