mccMay 25, 2023
As I awoke this morning from uneasy dreams I found that Google had replaced my authenticator app with an anus drawn by Kurt Vonnegut
Show threadmccMay 25, 2023
…wait I'm sorry, fucking *what*? "back up your authenticator codes to the cloud"?! Isn't it *literally* no longer 2FA then? Like at that point the test the authenticator performs isn't "do you have the physical device" it's "do you have access to the Google account". Why not use a Google password manager and skip the authenticator?!
Show threadrain 🌦️
@mcc Cloud backups for TOTP are table stakes these days (the availability loss is unacceptable for most people, too many people have been completely locked out from their accounts due to Google authenticator). As long as they're e2ee they're fine
May 25, 2023 at 4:15pmWeb
Show threadmccMay 25, 2023
@rain I don't think I understand why I am at the table then.
Show threadrain 🌦️May 25, 2023
@mcc This is a good post about how one-timeness is more important than 2fa for most people: https://blog.1password.com/totp-for-1password-users/
TOTP support comes to 1Password | 1Password

1Password 5.2 for iOS and 1Password 4.1.0.538 for Windows are out, and they provide support for using Time-based One Time Passwords (TOTP).

1Password Blog
Show threadsamir, actually the xkcd top hat guyMay 25, 2023

@rain @mcc Google have said it’s not E2EE, unfortunately. https://twitter.com/christiaanbrand/status/1651279598309744640?s=20

They claim it’s coming but *shrug*

Christiaan Brand on Twitter

“(1/4) We’re always focused on the safety and security of @Google users, and the newest updates to Google Authenticator was no exception. Our goal is to offer features that protect users, BUT are useful and convenient.”

Twitter
Show threadrain 🌦️May 25, 2023
@samir @mcc Welp