@sushimcpe I guess #Microsoft does bespoke things (like #Fortinet) instead of existing Standards like #TOTP & #HOTP…

• Or does it spit out standard #2FA codes like 918273 ?

I have posted the initial version for the analysis on 'are #HOTP #zeroknowledge proofs'.
Although the blog post is not very mathematical in nature, I seem to have covered all relevant aspects. Previous social media posts covered the gist, but there is more detail present in the blog post.

https://dannyvanheumen.nl/post/analysis-are-hotp-zero-knowledge-proofs/

#zeroknowledgeproof #security #computerscience #MFA

Intuitive explanation for #zeroknowledge #zeroknowledgeproof analysis for #HOTP #MFA principle.

#security #analysis

@sleepybisexual also anything but #TOTP & #HOTP is just garbage.

• Personally, I think the only good #2FA is #PGP-based but very few sites support it.

@dalias nodds in agreement...

• I can understand it for #business #communications and all the crappy #SaaS corporations use to keep their shit up and running.

• Like #GitHub, #Slack, #GoogleWorkspace and all that cringe.

I can see why they want to push for #2FA and have #business customers mandate that for accounts cuz "#CheckboxSecurity" and stuff...

• But even then corporate security and supply chain security should not rely on those solely...

Worst when #2FA doesn't allow #privacy-friendly options like TANs and/or #TOTP / #HOTP but demand #PII like a #PhoneNumber!

• Mandating #eMail and using that for 2FA is also a shit idea...

@ohno_itsnate @GrapheneOS I recommend looking at #TOTP & #HOTP for #2FA.

As for devices, I can vouch for @nitrokey !