Subnostr

It is time.

#opsec

I've got one of these on my keyring. Been using it for years with github, bitwarden, and a few other websites.

I also use TOTP as a fallback and I have an TOTP database and little rust program on an offline computer in case I lose my phone I still have all my TOTP seeds.

I *hate* TXT based 2-factor. My phone provider sometimes gets stuck and TXTs don't arrive for hours, then they come all as a batch. And it's too easy for someone to impersonate my SIM.

Reply to this note

Please Login to reply.

Discussion

nobody 2y ago

Not to mention SMS not being encrypted.

I’m not gonna lie, Apple Passkeys made me think about this lately. This is my first set, so I’m going slow. GitHub, Microsoft, and Google are my trial accounts, since they were on passkeys already.

I just felt this is something better done externally to the device 🤷‍♂️

Kc 2y ago

You can also secure your ssh sessions with them.