Schneckbert 🐌3d ago
2FA via email and SMS is incredibly bad, you can't change my mind.
Not only is it not secure, it often also does not work
give me TOTP or passkey.

#enshittification #2fa #totp
Show threaderinaceus3d ago
@waldschnecke I would also take U2F (in fact, I would prefer it over TOTP). But yeah, email or SMS for 2FA can gtfo.
Show threadpink2d ago
@erinaceus
The U2F API is not supported any more in modern browsers, better use WebAuthn/FIDO2 (Passkeys).
@waldschnecke
Email/SMS is still better than 1FA 🙂
Show threaderinaceus2d ago
@pink @waldschnecke Now that you say it… it looks like it. But it is weird, I could have sworn I recently used it with my Yubikey. And with my company Yubikey. So that was not U2F, apparently…
Show threadpink
@erinaceus
Unless You have a dedicated #U2F device Yubikeys usually prefer FIDO2.
I *think* it is possible to U2F devices in modern browsers but they have to be re-enrolled (also depends on the security setting).
@waldschnecke
Mar 19 at 4:42pmWeb