Privacy

30012 readers

1284 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

Privacy@lemmy.ml : An open source two factor auth app that syncs keys between devices? (lemmy.world)

submitted 2 weeks ago by TheTwelveYearOld@lemmy.world to c/privacy@lemmy.ml

19 comments fedilink hide all child comments

Isn't the value of two factor auth that it requires a physical device (your phone or computer) with the auth key to authenticate you? Then why don't many two factor auth apps seem to support syncing? If it's fine to do so, are there any open source cross platform apps that sync keys?

you are viewing a single comment's thread
view the rest of the comments

[–] lemmyvore@feddit.nl 21 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Many people have a warped understanding of what "two factor" means.

They conflate it with devices and they think it means that one of the factors (why one? which one? who knows) needs to be restricted to exactly one device.

What "two factor" really means is that you should have more than one required factor of authentication so that if one is compromised the attackers still can't get in.

Ideally the factors should be spread across the "something you know" / "something you own" / "something you are" categories to complicate the manner in which they can be compromised.

We can only reliably rememeber a limited amount of passwords, so like it or not we have to use some devices at least some of the time.

The trouble with "something you own" is that it can be lost or damaged or stolen, and if you only have one of it then you're fucked. So adding some redundancy is not a bad idea.

The larger issue is that everybody is stuck into extremely rigid and outdated mindsets that date back decades. "Two factors" don't have to be exactly two, and they don't have to include exactly one password, and so on. It should be fine if you wanted to secure your account with 3 passwords, and should be up to you if one of those password is a barcode tattooed on your taint so you need a mirror and to bend upside down to scan it.

Bottom line, use whatever you want and use your best judgment as to how secure is each factor. If you want to use something that syncs to multiple devices, go ahead. What you should consider is who has access to those devices and how it would affect you if they're lost or stolen.

[–] breadsmasher@lemmy.world 17 points 2 weeks ago (1 children)

barcode on your taint

please tell me more

[–] delirious_owl@discuss.online 5 points 1 week ago

This is my preferred storage location for my NFC chips.

It does tend to make the cashier nervous when I stand up on their register and tea bag their POS.