OH DEAR. THIS POST WAS SET TO SELF-DETONATE 💣 💥 🔥

All that's left are these here ashes.

@0x56 uh oh. I’ve been buried in work. What did I miss? I just finally subscribed a month ago in the hopes of having better/safer passwords. 😒

@john_b Thanks! That helps. Time to change things up a bit. I know what I’m doing over Christmas. 🥸

@researchbuzz - I am too. But I hesitate to recommend them for 2 reasons.
First, there's not enough support yet. Second, you should always have two, a primary and a backup in case you lose the first.

@0x56
I would avoid Google Authenticator and Authy. GA does not have backups. Authy was bought by Twilio a while back and development stagnated. Both apps are closed-source.

I migrated from Authy to Aegis and it's much better, besides being open-source.

The biggest reason to not use Authy anymore may be that they were compromised in the same breach that recently hit LastPass:
androidpolice.com/authy-hacked

@0x56
Scroll down this page for recommended open-source 2FA apps. A friend on iOS uses Raivo and likes it.

privacytools.io/secure-passwor

@voltronic @0x56 I use Duo for work stuff, and some personal. I wish PayPal had a better option.

@Dashdrum @voltronic @0x56

PayPal supports TOTP MFA

and to volt's thing about google authenticator not having backups...it does if you're willing to do things... 🙂

@opie
Confirmed; I use Authy for my PayPal account... And also my work Google account even though they say you're using Google Authenticator.

@Dashdrum @0x56

@Smersh
I posted about it here several months ago, but I don't think a lot of people saw it.

@0x56

@JGNWYRK
... Which is why I posted a site with iOS alternatives. Raivo OTP is good.

@0x56 @Smersh

@voltronic @JGNWYRK @0x56 @Smersh
From what I'm reading, Raivo stores only one-time passwords, whereas managers like 1Password et al. store passwords, secure notes, CC info, etc.
It seems every popular password manager has had a bad year. 1Password became an Electron app, which many users opposed, and LastPass was breached. Bitwarden just needs to add a few features that the major players have and it could surge ahead next year.

@Jeber
Raivo, Aegis, etc. are OTP apps, and are not password managers. The two can work together to make you more secure than either by itself.

@JGNWYRK @0x56 @Smersh

@voltronic @JGNWYRK @0x56 @Smersh
I know LastPass and Bitwarden have tried incorporating OTP into their apps. I don’t know who else might be. I try to use the same brand for passwords and OTPs; I just expect them to work together better. LastPass’ OTP is a separate app, an approach I like.

@Jeber @voltronic @JGNWYRK @0x56 @Smersh

careful...

having your password (a thing you know) and your one time code (a thing you have) stored in a single password safe turns your two factor authentication into single factor authentication...assuming the safe is unlocked solely by passphrase (a thing you know)

you could argue that both stealing the safe and cracking the passphrase is hard...but it's still a bad idea (IMHO)

@opie
Agreed. Putting all your eggs in one basket is rarely a good idea.

@Jeber @JGNWYRK @0x56 @Smersh
