• subtext@lemmy.world · 28 upvotes · 8 hours ago

    This is a pretty terrible take… if you take just a little bit of time to set up a password manager and use the browser plugin it is all just one password away. I actively seek out additional 2FA because it’s just simple and seamless, where my password manager will put the TOTP code on my clipboard ready to paste, or it’ll automatically pop up when the site asks for a passkey (like Google, referenced in the article).

    Just sounds like this dude is whining about a problem that he doesn’t want to solve for himself.

  • SzethFriendOfNimi@lemmy.world · 15 upvotes · edited · 9 hours ago

    The hassle and delay is part of how it works. If there was a seamless catch-all then it wouldn’t be feasible to make it secure.

    Having a second physical factor, as much as it can be a hassle, is much better than any single factor.

    Your password can be breached, brute forced, bypassed if there’s an issue somewhere.

    Your biometrics can’t be changed, so anything that breaks them (such as a breach of fingerprints in databases, etc.) makes them moot.

    A single physical token can be stolen and/or potentially cloned by some attack in physical proximity (or a breach of an upstream certificate authority).

    But doing multiple of those at the same time? That’s inordinately harder to do.

    I will say the point/gist of the article is a good one. The variety of types, some used here and others used there, does make it a hassle to try to wrangle all the various accounts/logins. Especially in their corporate and managed deployment, which isn’t saving passwords and has an explicit expiration of the credential cache (all good things).

  • Pika@sh.itjust.works · 6 upvotes · edited · 9 hours ago

    I don’t care about a second layer of security on most of my things. Like Lemmy, for example: I really don’t care if it’s secure. My Blizzard launcher, I really don’t care. My Discord? OK, maybe a little.

    That being said, due to this, I have both my TOTP and my passwords in the same program. It still requires a second password to access, but it removes a little of the security. My vault is encrypted by a private key plus a password, and any type of off-system storage is encrypted an additional level past that. If someone gains access to that vault, I have far worse issues at hand than someone managing to steal my accounts.

    • schizo@forum.uncomfortable.business · 1 upvote · 8 hours ago

      I have both my TOTP and my Passwords in the same program

      What’re you using for this?

      I’m using Bitwarden in a similar configuration, but given they’re being funky about their definition of ‘open source’, I’m maybe looking for an alternative.

      • Pika@sh.itjust.works · 1 upvote · 7 hours ago

        I’m using KeePassXC with Syncthing as my sync service, with my server as encrypted long-term storage. It’s pretty flawless; just make sure that you keep file versioning on (it’s a setting in Syncthing) for at least 2 versions. I haven’t had it happen yet, but with any dual-system setup there might be a sync conflict if it fails to sync before being modified.

  • socsa@piefed.social · 3 upvotes · 8 hours ago

    The better alternatives are worse though. Key-based authentication would allow you to effectively authenticate a trusted account on a trusted device with a single action, but requires you to not lose your keys, or to have a multifactor fallback. This is what I want tbh - I tap my YubiKey when I set up my phone, and now it doesn’t require passwords. For extra security, require a tap on boot.