Here's a guide on how to implement 2FA that PayPal followed along nicely:
Step 1: enforce the use of an authenticator app as a backup method, with no other way around it.
Step 2: allow the user to then add *only* ONE physical security key, because who'd need two of them anyway? One of the fundamental ideas behind having physical security tokens is to have at minimum two of them in the first place, but never you mind.
Step 3: confirm that the key has been added to the user's account, get rid of the add security device button.
Step 4: tell the user they can now log in with their security key.
The result? You're using a security key that's not registered with this website.
Log in with your authenticator app or passkey, because why not use that instead? Go into settings and confirm that your security key is actually present and that PayPal just decided to be a complete idiot.

#2FA #epic #fail #securitykey #twofactorauth #wtf

🔒 Increase your online security with two-factor authentication! It adds an additional layer of security to your passwords by using something you know and something you have. 📱 Enable it now and be safer online! 🌐 #CyberSecurity #TwoFactorAuth #OnlineSicherheit

🔒 Secure your online accounts with SoloKeys! 🔑
Open-source security keys built with Trussed®.
Works with Google, Facebook, Twitter & more.
Get yours now:

https://solokeys.com/

#SoloKeys #SecurityKey #TwoFactorAuth #FIDO2 #OpenSource


Where do you keep your two-factor auth backup codes?

#2fa #security #twoFactorAuth

text file on a physical device (usb stick): 31.3%
text file backed up to the cloud (google keep): 12.5%
piece of paper (sticky note): 50%
I don't (yolo): 6.3%

The funniest part is that no matter how many security factors we use to replace passwords (two factor auth, passkeys, security keys, etc) there's always a backup that's just another password.

#twoFactorAuth #2fa #password #auth #authentication #security #passkeys #webauthn #fido2 #passkey #passwords

Why does #Sharkey / #Misskey need an "authenticator app" registered before you can use a hardware key? That doesn't make sense #security wise.

Yeah I know it's to prevent people from just accidentally getting locked out of their accounts, but there should be an option for #FediAdmins to allow this risk. 🤔

#2FA #yubikey #hardwarekey #cybersecurity #twofactor #twofactorauth #twofactorauthentication

https://lego.com now supports a code via e-mail as a second factor for authentication 👍🏼

#lego #2fa #twofactorauth

This is just ridiculous from the #birdsite #twofactorauth

SMS should only ever be used for 2FA if no better option exists. Authentication apps and hardware security keys are considerably better options.

#twitter #twofactorauth

Check out this awesome two-factor authentication app from 2FAS: https://2fas.com
#opensource #2fa #2fas #twofactorauthentication #twofactorauth #security