floof.org

TundraWolf mastodon (AP)

2FA using a mobile phone as the second factor sucks.

Yesterday, the phone's battery went flat and I couldn't log into anything.

Today the phone wants to do a massive update of the OS (and, from the snail-like speed, firmware) and I cannot log into anything.

Contrast to other systems to which I need to connect that accept a code from a device that plugs into a USB port but also supports NFC, on which I need to press a button.

Pippin friendica
This is why I try to use an authentication app rather than SMS when offered, and I try to save the auth secret in at least two places (one of which is on RAID 1 and is regularly backed up to another machine, also with RAID 1), not just in a single app on my phone. That saved my skin a few weeks ago when my phone died (completely - still haven't been able to get it to power on again) and I had to switch to my backup phone, but thankfully still had almost all my 2FA secrets available.
Thumper mastodon (AP)
This is very intentional. E-mail/SMS significantly lower support costs/overhead. This is why TOTP/Tokens are already disappearing as options from systems that are not considered the highest security need. Even though E-mail and SMS 2FA are garbage from a security perspective, they're better than nothing, they 'tick the box' for compliance and have the lowest support overhead.