Replying to nobody

SMS 2FA is worse than no 2FA. Everyone has been moving away from this for a while now.
89
nobody 2y ago

Faxxxxxx lol

Reply to this note

Please Login to reply.

Discussion

72
nobody 2y ago

Ordering mine this week. I’ve been using BitWarden for a long time, but I’d like to separate points of failure if you know what I mean.

89
nobody 2y ago

Order a 3 pack, at least 2. One backup. Register multiple everytime per site if poss 😅

Avatar
adpo 2y ago

Yes, 2 minimum. They shouldn’t even allow singles. 😬

89
nobody 2y ago

🤝

89
nobody 2y ago

Hold up. Can I get you my YubiKey referral url Lolll 🤣

89
nobody 2y ago

Which? I like 2nd from left, bigger finger easier to hit maybe USBC alltheway

72
nobody 2y ago

I’ll be getting the USB-C version, as most of my machines have that (or only that) now.

Avatar
. 2y ago

Getting a backup key?

72
nobody 2y ago

Yes. To keep in the fireproof safe.

Avatar
gsovereignty 2y ago

I don't think backup keys actually work. The "backup" doesn't do anything to help you access anything.

89
nobody 2y ago

If you lose a key, you already registered the other. No freakout?

Avatar
gsovereignty 2y ago

Depends what you mean by "registered".

No one lets you have more than one 2fa on the same account though.

89
nobody 2y ago

89
nobody 2y ago

Same account. 2. Can add 3. Namecheap

72
nobody 2y ago

Microsoft and Google both do. I know they’re “they who shall not be named” around here, but… 🤣

Avatar
tforbanan 2y ago

Whoa EZ there, those things are all trash, I've been deep diving the webauthn+fido2 specs past months, and it's a proprietary hellhole. Not a solution for anything.

For instance, the architects decided that the public key should only be exposed once and stored in a mysql Database. Instead they rely on something called credential ID.

The point is, these devices were and are designed for web 2.0.

Oh right, Google injects data into your payload:

https://goo.gl/yabPex

The entire passkey standard is big-enterprise.