@john_b Thanks! That helps. Time to change things up a bit. I know what I’m doing over Christmas. 🥸
@0x56 BIG fan of YubiKey.
@researchbuzz - I am too. But I hesitate to recommend them for 2 reasons.
First, there's not enough support yet. Second, you should always have two, a primary and a backup in case you lose the first.
@0x56 Oh absolutely. I started with two.
@0x56
I would avoid Google Authenticator and Authy. GA does not have backups. Authy was bought by Twilio a while back and development stagnated. Both apps are closed-source.
I migrated from Authy to Aegis and it's much better, besides being open-source.
The biggest reason to not use Authy anymore may be that they were compromised in the same breach that recently hit LastPass:
https://www.androidpolice.com/authy-hacked-what-to-know/
@0x56
Scroll down this page for recommended open-source 2FA apps. A friend on iOS uses Raivo and likes it.
@voltronic @0x56 I use Duo for work stuff, and some personal. I wish PayPal had a better option.
PayPal supports TOTP MFA
and to volt's thing about Google Authenticator not having backups...it does if you're willing to do things... 🙂
Well fffffff on Authy, didn’t know that.
@0x56 @voltronic @Smersh missed it as well
And it’s Android only 😔
@voltronic @JGNWYRK @0x56 @Smersh
From what I'm reading, Raivo stores only one-time passwords, whereas managers like 1Password et al. store passwords, secure notes, CC info, etc.
It seems every popular password manager has had a bad year. 1Password became an Electron app, which many users opposed, and LastPass was breached. Bitwarden just needs to add a few features that the major players have and it could surge ahead next year.
@voltronic @JGNWYRK @0x56 @Smersh
I know LastPass and Bitwarden have tried incorporating OTP into their apps. I don’t know who else might be. I try to use the same brand for passwords and OTPs; I just expect them to work together better. LastPass’s OTP is a separate app, an approach I like.
@Jeber @voltronic @JGNWYRK @0x56 @Smersh
careful...
having your password (a thing you know) and your one-time code (a thing you have) stored in a single password safe turns your two-factor authentication into single-factor authentication...assuming the safe is unlocked solely by passphrase (a thing you know)
you could argue that both stealing the safe and cracking the passphrase is hard...but it's still a bad idea (IMHO)
@0x56 uh oh. I’ve been buried in work. What did I miss? I just finally subscribed a month ago in the hopes of having better/safer passwords. 😒