Hmm... You need an account with 2FA for demand. That's a hard no from me.
Discussion
Why are you against 2FA?
It's just another form of KYC:
1. If it involves a cell phone number, it's usually tied to a sim card which is tied to your "real" ID.
2. Email is normally extremely compromised and can usually be traced back to you.
Therefore, it's pretty friggin easy for any nosey party to come after you for some dumb notion of "tax evasion."
Plus, it's only another means of adding more attack vectors to possibly compromise your security.
In short, it's dumb AND dangerous.
On the other hand, contrary to popular belief, device-level face ID (like in your phone or computer) is private and secure.
Uh, no.
Biometrics are not secure. In the US, you can be coerced to open tech with biometrics but passwords are still (mostly) protected.
He meant on the technological front... The fingerprint/face ID unlocks your device/opens the key manager in the background, it doesn't actually use your biometric data as "password"
But yes, it poses a risk by being forced/coerced to unlock a device
Meh. It's not very secure. There are pretty easy ways to defeat face and fingerprint stuff given time and a little bit of access.
Yes, although I meant safe and secure as opposed to "sneaky KYC" 2FA like email and phone number.
From the point of view of a $5 wrench attack, I guess no tech is safe enough and the only realistic way to go about it is good opsec.
The thing is the police can easily hold the phone to your face or place your finger on the fingerprint
It's also legally a lot less protected (don't really remember the exact terminology, but know that is a thing)
Again, we were talking about 2FA and KYC. Any device unlocking method is susceptible to a $5 wrench attack.
Aegis isn't tied to a cell number.
Cool. Most is. There are ways around a lot of this, but, they take a lot of consideration and discipline to not compromise your security.
Bitwarden also just launched a new standalone authenticator app which isn't tied to a cell number or email address.
And it's easy to host on your own server. Definitely the way to go.
The password manager with built-in TOTP? Yes. The newly released authenticator is just an app on your phone as I understand it.
I'm talking about hosting your own password manager and authenticator app that "calls home" to your own server instead of Bitwarden's server. Become sovereign.
https://marketplace.start9.com/vaultwarden
Vaultwarden is a fork of Bitwarden.
Interesting. Thanks for that.
Really bad take, as if those were the recommended FA methods
Yes they are relatively easy to compromise and they don't protect your privacy...
*still a lot more secure than just a password; especially because most people use bad passwords, also because most people don't really understand what makes a secure PW, the usual PW requirements and "security ratings" aren't sufficient to make a good PW
*2FA isn't meant for protecting your privacy, in most cases the privacy is lost way before in 50 other ways, but there are other 2FA ways that don't compromise you
The lower barrier to entry 2FA which is safer and also more convenient is through an authenticator app
The next step would be a physical security key (for example a YubiKey) which is on a completely other level of security and, once you get used to it, convenience
The downside is it costs (between $25-110 depending on what features & form factor you need)
But on top of just using any form of 2FA anyone that doesn't already use a PW Manager would 100% benefit from starting to use one
For now the combination of a decent PWM and a 2FA authentication app is probably sufficient for most people, would make their online easier and a lot more secure, while probably reducing a lot of hacks and frauds
In the future it'll probably get worse, so a PWM for "passkeys" (a "new" form of "password" which basically is a digital signature exchange) and a physical security key will be necessary, at least for high stakes things
That only works for stuff that almost doesn't matter, and certainly doesn't matter to me.
Banks, the IRS, other dumb fedgov BS all use the crappiest forms of 2FA which all ties into KYC and are also not good from a technical standpoint. Plus, all 2FA requires you to have a device attached to you and unless you go to really effing great lengths, you can be located by location tracking methods. It's just an awful system that shouldn't be used. Yes, I get that there are better ways to do it, but, they don't apply to use cases I'm most concerned about.
Oo yes, governments clearly aren't known for being up to date with technology (while in connection with the population, military and spying is different)
But again, I don't think the 2FA is the weak link in the tracking/privacy side of things
Especially when you're talking of government stuff like IRS or Banks, they have "all" the information on you anyway
I assure you that they don't.
But they do have enough to try to lock me up. 🤷‍♂️
The problem with tax evasion is often it's really little sums... I think it's a waste of govt resources to come after me for 1m satoshi that one might have donated to devs/relays...
I'm all for tax evasion, as I believe it's a citizen's duty to not pay taxes when the government does things with the money that the tax payer (or, in more technically correct terms, tax evader) finds detestable. In my case, that's literally everything.