
Wow, two-factor authentication on websites without SMS is sure easy these days:

  1. install f-droid.org/en/packages/org.li
  2. on the website where you want to enable 2FA, go to settings and find where it can be enabled;
  3. you'll be offered to scan a QR code. Do it. A new item will appear in FreeOTP+'s list of tokens;
  4. whenever you log in, open the app, tap the appropriate token, and enter the code it shows into the input box on the website.

Why did I wait so long to do this? It's e-e-e-easy!


Ah, forgot step 5: save backup codes the site provides into your password manager. Or maybe set up more second factors.

Also, before you ask: yes, Mastodon supports 2FA: App Settings → User Preferences → Account → Account Settings → Two-factor Auth


@Sylphox Isn't it pointless to store both the passwords and the tokens in the same wallet? That can hardly be called two-factor authentication, since there's just one factor (the wallet) that happens to produce multiple secrets.

The only attack that I can think of that this approach would stop is someone stealing the site's password, e.g. from the clipboard. All other attacks are still just as easy as without 2FA.
