Subnostr

Not sure if possible or how it would work, but for logging into web apps and clients could a user use their verified NIP-05 and connect it to 2FA? Is that possible to eliminate browser extensions and the need for pasting your nsec? #asknostr #grownostr

The Beave 1y ago

2FA is terrible and should be avoided since nearly all 2FA methodologies are about Metadata harvesting and not about securing anything.

Reply to this note

Please Login to reply.

Discussion

⚡ Dee Kay ⚡🇸🇪🇬🇧🇨🇿🇧🇷🇦🇹 1y ago

Mobile number as 2fa is simply the worst. You don't actually own it so can be easily hijacked... And now random website has your phone number.

The Beave 1y ago

Yup.

Bitinsightful 1y ago

Yubikey or Ledger Flex seems best now.