I’m pretty iffy on 2FA. I’m using it for several things but I don’t like that my one and only option for that is this one smartphone. If I drop the phone in a lake, I can’t do Google anything anymore, or do some other crucial things. If I decide to step down to a dumb phone, no, I can’t. I’m just locked into this permanently, now. Half the internet is off limits if I lose, break, or decide to get rid of my phone.,
I’ve gone from having two options for net access - phone and PC - so a primary and a backup, to having one option, both of them at once, and one is none.
It’s a single point of failure that’s already vulnerable to SIM swap attacks and even shoulder surfing. You’re highly reliant on the target org you’re logging into, and whether their setup process is janky.
2FA makes sense in broad theory, it doesn’t make sense in practice, where no options except for your one and only smartphone exist for 2FA. They’ve not developed some other method and don’t appear to be trying. It’s just that or fuckin nothing.
It should be smartphone plus other thing as 2FA options, so the phone can be lost, stolen, destroyed, without leaving you up shit creek, and yet that other thing refuses to show itself.
You can buy a dedicated 2fa device. You can set your Google account to use the hardware key instead of sms verification. I don’t use sms 2fa on any of my accounts. Hardware security keys are inexpensive and work when you lose the phone. Yubikey offers numerous products that do what you want. You can also have 2FA keys on your smartwatch.
Yeah, that’s always been my hesitant, and I don’t really have the physical assets, financial assets, or intellectual property that would really demand the need for 2FA on all of my accounts.
Yes, which is what I use. I don’t really like the company and people behind it, and they’ve did some shady stuff but the other chromium browsers aren’t really any better.
I don’t hate it, I really want to like it. It’s just that I have a rather niche issue that really bugs me and forces me to chromium (or derivatives).
FIDO2 / YubiKey support on Chromium is far superior compared to FF.
Ah gotcha. I don’t use a lot of 2FA outside of duo.
Hey, you should. Great way to secure your accounts.
I use bitwarden for most of my password creation and storage. I think they have 2FA so I may look into it.
I’m pretty iffy on 2FA. I’m using it for several things but I don’t like that my one and only option for that is this one smartphone. If I drop the phone in a lake, I can’t do Google anything anymore, or do some other crucial things. If I decide to step down to a dumb phone, no, I can’t. I’m just locked into this permanently, now. Half the internet is off limits if I lose, break, or decide to get rid of my phone.,
I’ve gone from having two options for net access - phone and PC - so a primary and a backup, to having one option, both of them at once, and one is none.
It’s a single point of failure that’s already vulnerable to SIM swap attacks and even shoulder surfing. You’re highly reliant on the target org you’re logging into, and whether their setup process is janky.
2FA makes sense in broad theory, it doesn’t make sense in practice, where no options except for your one and only smartphone exist for 2FA. They’ve not developed some other method and don’t appear to be trying. It’s just that or fuckin nothing.
It should be smartphone plus other thing as 2FA options, so the phone can be lost, stolen, destroyed, without leaving you up shit creek, and yet that other thing refuses to show itself.
You can buy a dedicated 2fa device. You can set your Google account to use the hardware key instead of sms verification. I don’t use sms 2fa on any of my accounts. Hardware security keys are inexpensive and work when you lose the phone. Yubikey offers numerous products that do what you want. You can also have 2FA keys on your smartwatch.
I’ll have to look into that, thanks.
Yeah, that’s always been my hesitant, and I don’t really have the physical assets, financial assets, or intellectual property that would really demand the need for 2FA on all of my accounts.
You mentioned chromium and not chrome, so I’m assuming it works well in Brave?
Yes, which is what I use. I don’t really like the company and people behind it, and they’ve did some shady stuff but the other chromium browsers aren’t really any better.