The place to chill and talk about anything not related to technology.
- Lazy Owner
- Posts: 759
- Joined: 11 Jan 2021, 07:40
- OS: Windows 8.1 x64
- Has thanked: 385 times
- Been thanked: 178 times
Many services and people will suggest to use phone 2fa to "improve security", however most of the time it does nothing except waste your time. Even if a hacker gets your password, most services worth hacking already have a form of email 2fa where they email you a code if a new computer or IP logs into your account. Discord, Steam, Google, etc all have this yet want you to use 2fa with your phone. Your phone is no more secure than email, and can be less secure in some cases. 2fa also does nothing if your authentication cookie or token gets stolen, which is what most account stealers target. There is no practical way to defend against such an attack, no amount of x factor authentication will help. I'm tired of this "2fa is more secure" bullshit that is being pushed upon us.
- Posts: 13
- Joined: 13 Jan 2021, 01:08
- Has thanked: 2 times
- Been thanked: 7 times
TOTP is good, just no good PC clients (Bitwarden and Proton Pass supports it if you pay) and I hate having to check the phone I soon won't even have.
Proprietary bullshit like Steam/Battle.net's can fuck off and SMSing a code even more so since it's completely insecure, harvests the phone number and yeah. Some even lock TOTP behind a phone like the complete retards they are like Battle,net and Twitch.
Users browsing this forum: No registered users and 1 guest