A robust alternative to 2FA has to take into account three super common scenarios:
- you are in a foreign city and have been mugged, your wallet and phone have been stolen from you
- you have dropped your keys down the drain
- you are homeless, your phone has just died, and your only computer is a public access library computer running Internet Explorer 6. you are not able to afford a monthly subscription to Bitwarden
@alexandria honestly there is no version of 2FA that feasibly can solve all of these problems, since at the end of the day… if you lose all of your belongings, "something you have" will be included in those belongings
imho the only acceptable solution here is:
@clarfonthey @alexandria The only acceptable solution is: any 2fa solution must allow opting out of 2fa and authenticating solely with "something you know", the only thing that can't be taken away from you*
* without extreme violation of longstanding norms about physical harm to a person's body
Basically that's a classic TAN:
https://mstdn.social/@kkarhan/110271086419549862
@[email protected] that basically only allows #iTAN as method, since those can be printed out or stored otherwise. https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_(iTAN) If necessary, the system would generate a new iTAN each time after successful login and demanding it for the next login, and so forth.
@alexandria Don't leave out:
- you are a refugee and you just crossed a border.
and:
- you're forced to flee someplace and everyone around you will try to KOS you if they identify you.
Again: #TAN or rather #iTAN is the next best option.
https://mstdn.social/@kkarhan/110271086419549862
@[email protected] that basically only allows #iTAN as method, since those can be printed out or stored otherwise. https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_(iTAN) If necessary, the system would generate a new iTAN each time after successful login and demanding it for the next login, and so forth.
@alexandria that basically only allows #iTAN as method, since those can be printed out or stored otherwise.
https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_(iTAN)
If necessary, the system would generate a new iTAN each time after successful login and demanding it for the next login, and so forth.
To add a few (if that's ok)
- Your kid has hidden your keys somewhere, you are pretty sure they are still in your house but won't find them for a few days/weeks
- Your kid dropped your phone in the toilet to see what it sounds like
- You've been involved in a car accident and your phone is now in an evidence locker somewhere because it was being your GPS.
@alexandria "The police has seized your phone".
Honestly our "phones" are such crucial parts of our lives these days it's ridiculous and a horror scenario to recover from.
@pdcawley If you want to make an initial contribution that will last beyond the dismantling of the patriarchy, why not volunteer to help libraries keep more up-to-date with technology? 🤔
@alexandria only possible solution I can think of is password plus a hardware auth device that is embedded in the users body so it can't be stolen.
It's extremely impractical but I think it might be the only thing that would actually work so long as it can't be breakable.
Astryr Cyberfæ 
Jason Petersen (he)
BenAveling
clar fon
Cassandrich
Kevin Karhan 
easrng 
Haelwenn /элвэн/ 
IIVQ
Dieu
Luna Macrosystems✡️🤖🏳️⚧️
Grant Gould
🎓 Doc Freemo 
🇳🇱
Faisal Misle
ᘻσᘉᖽᐸ σᖴ ᖶᕼᘿ ᕲᘿᘻσᘉ
Matt Campbell
requiem 🦫
Emily S
Lars Marowsky-Brée 😷
Resuna
Piers Cawley
Christopher Neugebauer
DHeadshot's Alt
silentw
mothcub
Matando
Dakedres
Seedy Three Sixty
F.U. 🅭…
Menno
cryo2go :unverified:
Crystals