Post 9yQjMhAiAOF1kPbkSO by Zambyte@fosstodon.org
(DIR) Post #9yQikquzTtiKyID4FM by sir@cmpwn.com
2020-08-24T00:01:19Z
5 likes, 4 repeats
Don't fucking use SMS for 2FA
(DIR) Post #9yQjMhAiAOF1kPbkSO by Zambyte@fosstodon.org
2020-08-24T00:07:12Z
0 likes, 0 repeats
@sir CMV: SMS for 2FA > no 2FA
(DIR) Post #9yQjo6sOhnhbHu77vk by sir@cmpwn.com
2020-08-24T00:12:56Z
0 likes, 0 repeats
@Zambyte incorrect
False sense of security
Disclosure of private information
(DIR) Post #9yQk7Han5V6M1c1M3s by Meeper@blob.cat
2020-08-24T00:17:48.222691Z
1 likes, 0 repeats
@sir tbf try not to use sms in general
(DIR) Post #9yQkB3FyKVUGio526C by waweic@chaos.social
2020-08-24T00:17:01Z
0 likes, 0 repeats
@sir I do. With my bank. 2FA is legally mandatory with online banking here. The alternative would be a proprietary app for my smartphone or one of these ridiculously expensive smartcard readers. I do not even own a smartphone. But it's all broken anyways, because I can just call my bank and authorize transactions with a 5-digit PIN I tell them on the phone.
(DIR) Post #9yQkBus4zYSf0LJiM4 by brandon@fosstodon.org
2020-08-24T00:18:34Z
0 likes, 0 repeats
@sir Tell that to Apple 🙄
(DIR) Post #9yQkvpr7yGKylpledM by brad@weeaboo.space
2020-08-24T00:26:55.638034Z
0 likes, 0 repeats
@waweic @sir are you sure it would require a proprietary app? some stuff might say it needs google authenticator or microsoft authenticator, but anything that talks TOTP should work, like "andOTP" from F-Droid. you can also use keepassxc on your PC.
(DIR) Post #9yRHySuL2rzoxD8CEy by wolf480pl@mstdn.io
2020-08-24T06:37:05Z
0 likes, 0 repeats
@brad @waweic @sir from what I've seen, it's never Google Authenticator, but the bank's own mobile banking app
(DIR) Post #9yRIKiUrlXanfppL84 by mkb@mastodon.social
2020-08-24T00:57:50Z
0 likes, 0 repeats
@Zambyte @sir Yep. For all its flaws, SMS as a second factor stops the most common attacks. Yes, TOTP, physical tokens, and challenge-response are all harder to defeat. SMS 2FA—warts and all—is still categorically better than passwords alone. It’s easy to slip into black & white “it’s either secure or it’s not” thinking, but security is always about tradeoffs.
(DIR) Post #9yRIKjALHKllkTESmG by wolf480pl@mstdn.io
2020-08-24T06:41:03Z
0 likes, 0 repeats
@mkb @Zambyte @sir also note that in case of online banking, with SMS you can see the details of the transaction you're approving. Can't do that with TOTP. I wish banks used something like Ledger Nano (basically a USB smartcard with LCD and 2 buttons) for 2FA
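Two points in the thread above are worth seeing in code: brad's remark that any authenticator "that talks TOTP" works because TOTP is a standard (RFC 6238 on top of RFC 4226 HOTP), and wolf480pl's point that a plain TOTP code carries nothing about the transaction being approved. The block below is an added example, not code from any poster or from any bank or authenticator project. It implements HOTP/TOTP from the standard library only, checks itself against the RFC 6238 reference secret, and then shows a constructed (non-standard, labelled as such) transaction-bound variant: the same secret, the same time step, but the code changes when the transaction details change, which is exactly what a bare TOTP cannot do.

```python
"""TOTP (RFC 6238) built on HOTP (RFC 4226), plus a constructed
transaction-bound variant illustrating why a plain TOTP code cannot
tell the user what they are approving. Added example, not project code."""
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 reference secret (ASCII "12345678901234567890"); used only as test input.
RFC6238_SECRET = b"12345678901234567890"


def _truncate(digest: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: 4 bytes at an offset taken from the last nibble."""
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the big-endian 64-bit counter, then truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    return _truncate(digest, digits)


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time // step."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // step, digits, algo)


def verify_totp(secret: bytes, candidate: str, for_time=None, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the current step and +/- `window` neighbouring
    steps to tolerate clock drift; compare in constant time."""
    if for_time is None:
        for_time = time.time()
    counter = int(for_time) // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta, digits), candidate):
            return True
    return False


def secret_from_base32(encoded: str) -> bytes:
    """Authenticator apps exchange the shared secret as base32 (otpauth:// URIs).
    Strip spaces, upper-case and re-pad so hand-typed secrets decode cleanly."""
    encoded = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(encoded + "=" * (-len(encoded) % 8))


def transaction_code(secret: bytes, details: str, for_time=None, step: int = 30,
                     digits: int = 6) -> str:
    """Constructed illustration, NOT a standard scheme: mix the transaction
    details into the HMAC input so the code only verifies for the transaction
    the user actually saw. A bare TOTP has no such binding."""
    if for_time is None:
        for_time = time.time()
    msg = struct.pack(">Q", int(for_time) // step) + details.encode("utf-8")
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    return _truncate(digest, digits)


if __name__ == "__main__":
    # Interoperability: matches the RFC 6238 test vector, so any standard app agrees.
    print("TOTP @ t=59, 8 digits:", totp(RFC6238_SECRET, 59, digits=8))
    # Same secret, same time step, two different payees: TOTP identical, bound code differs.
    a = "EUR 10.00 to ACCT-A"   # constructed sample transaction
    b = "EUR 10.00 to ACCT-B"   # constructed sample transaction
    print("TOTP for A and B:", totp(RFC6238_SECRET, 59), totp(RFC6238_SECRET, 59))
    print("bound code for A:", transaction_code(RFC6238_SECRET, a, 59))
    print("bound code for B:", transaction_code(RFC6238_SECRET, b, 59))
```

The verification window is the usual engineering trade-off: one step either side covers ordinary phone clock drift, while a wider window multiplies the number of codes an attacker could guess per attempt. The transaction-bound variant is only there to make the contrast concrete; a real deployment would use a specified scheme and a device that displays the details being signed, which is what the Ledger-style suggestion in the thread amounts to.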
(DIR) Post #9ySF5CXqAuaBWo5XNo by spoon@freeradical.zone
2020-08-24T17:37:20Z
0 likes, 0 repeats
@sir @Zambyte For example: https://www.wired.com/story/twitter-two-factor-advertising/
(DIR) Post #9ySLQuiTjz5SKWnhvE by plfiorini@fosstodon.org
2020-08-24T18:49:05Z
0 likes, 0 repeats
@sir I really don't understand how come banks don't use hardware keys. There were some scams where people forged IDs of the victim, got a new SIM card and used it to steal home banking credentials.