Authenticating to a website, 2010: Type in username and password
Authenticating to a website, 2024:
- Type in username
- Look up 20-character password in password keeper
- wait
- Prompt for 2FA token
- Dig out phone
- Unlock phone
- Scroll through 50 services to find 2FA token for website
- Type in 2FA token
- Success
- Receive email alerting you to the fact you've logged in
- Six weeks later: receive email telling you service had been compromised eight weeks ago and you must change password.
@jzb Actually you fogot a few steps:
- Select "Login with Username&Password"
- Type Username
- Hit Next
- Reject loggin in with FIDO2
- Lookup Password in password manager
- Type the password manually, because Copy&Paste is blocked
- Uncheck "Store password"
- Hit Next
- Reject storing the password in your browser
- Select other method for second factor to avoid SMS
- Search for current 2FA code in your phone app
- …
- Check the "I am a human" checkbox
- Wait
- Identify and select fire hydrants from some crappy images
- Wait, maybe there comes another fire hydrant ...
- Hit next
- Mark 3 crosswalks on a grid
- Hit next
- Wait
- Redirect to the index page of the website and you totally forgot what you want here in the first place.
Joe Brockmeier (@jzb)
BenBE
Aarøn 🇪🇺 🇺🇦 