Wow, two-factor authentication on websites without SMS is sure easy these days:

  1. install f-droid.org/en/packages/org.li
  2. on the website where you want to enable 2FA, go to settings and find where it can be enabled;
  3. you'll be offered to scan a QR code. Do it. A new item will appear in the FreeOTP+'s list of tokens;
  4. whenever you log in, open the app, tap the appropriate token, and enter the code it shows into the input box on the website.

Why did I wait so long to do this? It's e-e-e-easy!

Follow

@Sylphox Isn't it pointless to store both the passwords and the tokens in the same wallet? That can hardly be called a two-factor authentication, since there's just one factor (the wallet) that happens to produce multiple secrets.

The only attack that I can think of that this approach would stop is someone stealing the site's password, e.g. from the clipboard. All other attacks are still just as easy as without 2FA.

· · Web · 0 · 0 · 0
Sign in to participate in the conversation
Functional Café

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!