this post was submitted on 11 Sep 2023
35 points (97.3% liked)

Privacy

31903 readers
378 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Is this some sort of a convenience feature hidden behind a paywall to justify purchasing their subscriptions or does generating the codes actually cost money? If the latter is the case, how do applications like Aegis do it free of cost?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] amju_wolf@pawb.social 4 points 1 year ago (1 children)

I think its almost good its forced on normies

Sure, but ideally there should be an option to opt out for most things. Sometimes you get forced into it for the dumbest stuff.

And, like, don't forget that everyone's use case is different. For most people, Google account is really important. But I might use it as a burner account and not care about its security almost at all. Then MFA is only annoying.

is it really that much to have a separate password-locked 2fa totp app

I use PC for most of what I do (both work and leisure). There's a major difference between having TOTP autofilled and having to find my phone, pick it up, unlock it, find the authenticator app, click/find the correct authenticator, then typing in the code.

Again, depends on the account, but for the vast majority of my accounts it's complete overkill.

Doesn't help that many providers don't properly remember devices/logins. If I had to sign into a given account once a year I wouldn't care much. But when it's monthly or more (for many, many accounts), and half of them don't even remember the device and ask for OTP every time, it truly is a pain.

if your main computer gets compromised or keylogged, then accessing one 6-digit code is worthless unless used in the next 30s, unlike the totp secrets

Realistically if my main computer gets compromised I'm royally fucked either way. I try to be safe in general, know what I'm doing for the most part (definitely more than your average user, though that's probably true about literally everyone on Lemmy) and in like 20 years since I had access to a computer I never had an issue, so I'm probably doing something right (and I used to do way, way dumber stuff on much less secure systems than one has today).

But yeah, you're right I probably shouldn't have OTP in my password manager at least for my primary email. I'm sure I'll get to fix that someday...

[โ€“] darcy@sh.itjust.works 1 points 1 year ago

i agree with your point about different use cases.