Either by sending a code to SMS or Email, you are able to sign into your account without ever needing to or being able to add a password. Why has this become a thing recently?
Either by sending a code to SMS or Email, you are able to sign into your account without ever needing to or being able to add a password. Why has this become a thing recently?
It is coding for the lowest common denominator of user – those who use the same easily-guessable password for everything. Making them click a link to login is honestly better security.
Of course there should be an option for those of us who have a TOTP app and use a password manager.
Can’t brain today, I have the dumb. What’s TOTP, other than that BBC show?
Time based one time passwords. Those (usually) six digit codes which get replaced every 30 seconds or so. During setup you copied the secret to your device (usually smartphone) and now your device and the server you authenticate at can calculate the same secret code every thirty seconds.
Which reminds me: I just got a new phone and totally forgot about Authenticator apps
I was able to recover one but the other is lost and I still need to get those accounts reset
Adding a shameless plug here: Aegis is available on f-droid and allows you to backup your 2FA secrets on your own server (e.g. own nextcloud) in case you don’t trust the default Google authenticator.
I’m due to rebuild my lab this winter so I’ll make sure to take a look
Famous last words before emerging 3 years later.