Two locks are better than one lock, right?🔒 And the same should apply for your online account credentials! That's why 2FA, like U2F, stops >99% of automated account attacks.

Find out more on why you should use U2F 👉

https://tuta.com/blog/why-u2f-is-important

@Tutanota it's a shame a lot of websites still want to use SMS for their 2FA. I have an account with a big bank that won't allow me to use my preferred 2FA method, while another account I have with a small town bank will let me 2FA with whatever more secure method I want. Get with it people.

@Tutanota : rubbish.

Two WEAK locks may be LESS pointless than one WEAK lock, but they're still pointless. Go read https://www.csoonline.com/article/4147134.

U2F has been superseded by FIDO2 (hardware keys in WebAuthn mode) and Passkeys (example in Dutch: https://todon.nl/@ErikvanStraten/116285192238090438).

Both WebAuthn methods have advantages and disadvantages.

If you don't like them, use a trustworthy password manager and:

• Let it create a unique, random, as long as possible, pw per account

• Make backups of the pw mngr database

• Device compromise means "game over"

• Use Autofill (easy in Android and iOS/iPadOS)

• If Autofill does not automatically retrieve your credentials, it probably is a fake (phishing) website. Do read https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

Please stop misinforming people.

#WeakMFAsucks #Weak2FAsucks #FIDO2 #WebAuthn #Passkeys #AutoFill #KeePassium #KeePassDX
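The Autofill point in the post above, as an added example that is not part of the original post or of any password manager's code: a sketch of why origin-bound autofill stays silent on a lookalike site. The vault entry, the hostnames and the function names are constructed for illustration, and exact-origin matching is an assumption (real managers differ in how strictly they match).

```javascript
// Constructed vault entry: credentials are bound to the origin they were saved on.
const vault = [
  { origin: "https://login.example.com", username: "alice", password: "constructed-not-real" },
];

// Reduce a page URL to scheme + host + port. URL parsing lowercases the host,
// drops the default port, separates userinfo from the host, and converts
// internationalized names to punycode, so lookalikes do not compare equal.
function originOf(pageUrl) {
  try {
    const u = new URL(pageUrl);
    return u.protocol === "https:" ? u.origin : null; // never fill over plain http
  } catch {
    return null; // unparsable input gets nothing
  }
}

// Return the saved entry only when the page's origin matches exactly.
function autofillFor(pageUrl) {
  const origin = originOf(pageUrl);
  if (origin === null) return null;
  return vault.find((e) => e.origin === origin) ?? null;
}

// Constructed sample pages: one genuine, the rest lookalikes.
const samples = [
  "https://login.example.com/signin",           // genuine
  "https://LOGIN.Example.COM:443/signin",       // genuine, different spelling
  "https://login.example.com.evil.test/signin", // real name used as a subdomain prefix
  "https://login.example.com@evil.test/",       // real name hidden in userinfo
  "https://login.ex\u0430mple.com/",            // Cyrillic "a" homograph
  "http://login.example.com/",                  // downgraded scheme
];

for (const page of samples) {
  const hit = autofillFor(page);
  console.log(hit ? "fill  " : "REFUSE", page);
}
```

A refusal is the signal the post describes: the human eye accepts the lookalike, the string comparison does not.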

@Tutanota Android does not support security keys by default, you need google play services for this 😮‍💨
@blueluma @Tutanota Not true actually, you can download Authnkey from fdroid that provides the "UI" needed for hardware passkeys to work without google play services. https://github.com/mimi89999/Authnkey
Hopefully this helps!
@Tutanota
JFC, this should have been the first sentence in that blog.
DEFINE ACRONYMS AT THE FIRST USE.
@Tutanota in France, for banks you have to have a password only with digits and I never saw a proper 2FA with an external app. They are still in the previous century
@Tutanota I’d rather have a good long password.