other kind of 2fa/mfa
#1
this is little bit offtopic of pine forums, but i think it interests some users. other kind of 2fa/mfa.

because of possible privacy issues, data collection and locking to close platforms, like google play and apple store, i don't usually like 2fa or mfa. two-factor-authentication or multi-factor-authentication is additional required policy for many services to getting in.

i found by coincidence a reasonable alternative, which can be used for 2fa/mfa systems. essentially, it has no privacy or data collection issues (assuming of usage). it is totp https://en.wikipedia.org/wiki/Time-based...e_password . it is based on time and correct timezone.

i initiated this on some services already, but i don't name those here, because of advertising. quite often, it is called an "authenticator app".

also hardware based totp devices are available, but might be cumbersome to be activated for service.

in debian, there is a package "oathtool". which can used by following, note -b is for base32.

Code:
watch oathtool --totp -b base32-coded-key-here

there is graphical apps as well. base32 is usually a default instead of hex input. for oathtool, hex input is default.

many services require 2fa/mfa, and what annoys me is that those services require an app which is dependent on google play services or apple store. basically forcing closed platforms. totp was created somewhat long time ago, so it has been available as a possible choice already.

this is one example that i'm not necessarily against 2fa or mfa, it is more like, how it is implemented. and there are choices.
  Reply
#2
I just spent several weeks trying to recover from a device with Google Authenticator that quit working. (It was one of several required factors (7FA? 8FA?) for a banking site I'm now trying to get away from. I'm not going to be so quick to go back to Google Authenticator or anything like it. All this 2FA and 7FA stuff is really getting obnoxious. We yoosta do things in person and people knew who people were.
:wq



[ SRA accepts you ]

Everyone wants me to quit using NetBSD
  Reply
#3
It shall be noted that KDE Plasma Keysmith is a dedicated application for TOTP and that GNOME Secrets also supports them. Both can be used on the PinePhone or PinePhone Pro, as well as on the PineTab and Pinebook series and other GNU/Linux computers.

Note that this versatility is also TOTP's drawback from the website's point of view: It can easily be set up on the same device that also stores your password (GNOME Secrets even lets you store both in the same application right next to each other), making it not really two-factor anymore, and the website has no way to even know that you are doing that. So banks and the like are unlikely to allow it.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Just feeling kind of frustrated tbh ImmyChan 1 1,488 08-22-2022, 07:13 PM
Last Post: tllim

Forum Jump:


Users browsing this thread: 3 Guest(s)