[deleted]
Rawr
Submitted 1 day ago by benni@lemmy.world to [deleted]
https://lemmy.world/pictrs/image/f1b5a25b-e8ab-4c2c-b739-558352a6d77c.jpeg
Comments
Nyadia@lemmy.blahaj.zone 1 day ago
folekaule@lemmy.world 1 day ago
Always download the backup 2fa codes. This is when you need them.
Cornelius_Wangenheim@lemmy.world 1 day ago
Or buy a yubikey and set it up as a backup MFA on at least your email and password manager, then keep it in a fireproof safe.
Venus_Ziegenfalle@feddit.org 1 day ago
Have Android phone
Don’t bother signing into your Google account
Download Canta, Shizuku and f-droid apk and install
Use canta to uninstall every Google app that isn’t strictly required
Chrome, Gmail, Drive
Weather, Launcher, News
Clock, Keyboard, even the damn Calculator
Everything. Canta actually tells you what is and isn’t safe
Replace everything with open source alternatives as you go (don’t forget about a keyboard alternative)
Get APKUpdater to install and update apps that aren’t on f-droid from various sources you can choose
Have hastily degoogled Android phone
hansolo@lemm.ee 1 day ago
Do you not back up your 2FA when you set them up?
People should need to take a test before they can be on the internet.
Nyadia@lemmy.blahaj.zone 23 hours ago
I’ve never set up 2FA on my google accounts, but knew someone who this happened to which is why I was hesitant to set it up on my own accounts. Didn’t know backing up 2fa was a thing.
Jerkingass@lemmy.world 1 day ago
This. So many times. OMG!
unexposedhazard@discuss.tchncs.de 1 day ago
I was always annoyed with MFA because i didnt like needing multiple devices or applications just to log into one shitty website. Now i have my TOTP stuff stored in keepassxc so it just autofills with zero hassle :)
interdimensionalmeme@lemmy.ml 17 hours ago
Isn’t that effectively back to single factor?
jj4211@lemmy.world 2 hours ago
Realistically speaking, MFA most importantly is to get away from the “something you know” factor since that is generally more vulnerable. Even if it is a single factor, it’s a better factor.
Also enables people to meaningfully have multiple factors if they choose. The password managers generally require a master passphrase and/or unlocking through something like “Windows Hello”
gamermanh@lemmy.dbzer0.com 13 hours ago
Every manager I’ve encountered requires unlocking before it’ll fill anything in, meaning it is MFA usually
The 3 factor types are something you are, know, and have. On my phone for example I unlock my device with a pin code and my password manager with biometrics (know & are)
It gets iffier on desktop devices for sure but if you get a cheapo fingerprint scanner you can make it guaranteed MFA ezpz, unlock the PC with your fingerprint and enter your password to get to the password manager
unexposedhazard@discuss.tchncs.de 13 hours ago
Yeah basically, but MFA is honestly not that needed if you use a password manager, secure passwords and URL based autofill. MFA was invented to protect plebs that use bad passwords and easily fall for phishing sites.
RobotZap10000@feddit.nl 1 day ago
I suppose that you could have a separate database for your TOTP secrets, but I think that the autofill already helps with spotting phishing, which I believe is a good trade. If my autofill doesn’t work all of a sudden, I might check the domain name again.
jodanlime@midwest.social 1 day ago
The lion has joined the botnet.
Gork@lemm.ee 1 day ago
Why doesn’t the bigger app that needs authentication not just eat the smaller app?
saltnotsugar@lemm.ee 1 day ago
Only 8 factor authentication is secure enough.
eager_eagle@lemmy.world 1 day ago
a memmy original leme
bratorange@feddit.org 1 day ago
The mastodonian doesn’t concern himself with tls. Unfortunately based on a true story.
simplejack@lemmy.world 1 day ago
A Lemmy original meme
boredtortoise@lemm.ee 1 day ago
It’s like a dj tag on a rap track
Bleys@lemmy.world 18 hours ago
honestly respect for my compatriots creating OC