Harley 🐝🌿Feb 21

- do you want to use google to sign in?
- do you want to add a passkey?
- do you want to add a 2FA token?
- we know you have 2FA but we've sent you an email instead
- this login attempt seems suspicious we've sent you a text about it
- can you click on these buses?
- you failed to click on the buses click on these bicycles instead
- should we save these details for next time?
- do you accept these trackers?
- you can opt out but we've decided it's legitimate interest anyway
- would you like to see a list of our 847 partners we share your data with?
- can we send you desktop notifications?
- can we access your location?
- do you want 10% off for signing up to the mailing list?
- do you want me to translate this page?
- hi I'm your friendly chatbot how can I help?
- oh no you can't buy this, reach out to us for a quote!
- do you wantβ€”

I'm tired boss

Show threadIAmTorva

@lichendust For me the most frustrating was logging into Microsoft Authenticator on a new phone. With no access to the old one.

- You have 2FA configured.
- You must use 2FA to login.
- Cannot use 2FA - Use alternative method.
- To use alternative method, you must login first.

Back to the start
- You have 2FA configured.
- You must use 2FA to login.
- Cannot use 2FA - Use alternative method.
- To use alternative method, you must login first.

Resetting 2FA didn't break the loop. Instead, they still expected me to use Microsoft Authenticator to login to Microsoft Authenticator.

The only way out of this loop was to use Google Authenticator.

Feb 21 at 6:59pmWeb
Show threadKerr Avonsen (she/her)Feb 21

@TorvaFirmus @lichendust This demonstrates exactly why a phone is a Single Point of Failure.

Why don't they teach them comp.risks at these schools?

Show threadYenn dc β˜‚οΈFeb 24

@TorvaFirmus

Just use Aegis. Much better than either of those. ;3

Show threadIAmTorvaFeb 24
@yenndc Never heard of Aegis. Who owns that?
Show threadYenn dc β˜‚οΈFeb 24

@TorvaFirmus

Aegis Authenticator?

It's GPL-ed software, so no one, at least in the usual sense. πŸ˜‰
There isn't any corporation backing its development either (AFAIK).

You can check its "promotional website": https://getaegis.app/

Or it's code repository: https://github.com/beemdevelopment/Aegis

As a little green flag, it's available on F-droid as well: https://f-droid.org/packages/com.beemdevelopment.aegis

Aegis Authenticator

Aegis Authenticator is a free, secure and open source app for Android to manage your 2-step verification tokens for your online services.