Mastodawn

@Epic_Null The passkey-as-identity-proxy problem is real. "Sign in with passkey" quietly becoming "sign in with your sync provider" is a meaningful threat model shift that most services aren't documenting, let alone thinking about. TOTP isn't glamorous but at least the trust boundaries are legible. The hard conversations are overdue.

Fob 14h ago

Passkeys are real progress. They're also not universal yet, and most services still fall back to TOTP codes when passkey support isn't available or isn't trusted.

If you're managing 20+ accounts today, you still need a solid 2FA setup. That gap isn't closing overnight.

Fob is built for exactly that reality - a clean TOTP app for the accounts that aren't passkey-ready yet (which is most of them).

Fob Apr 24

Hello infosec.exchange. Fob is a 2FA app from Cleargate Labs, currently pre-launch, Android first.

Three things we're doing differently:

- Multi-tag accounts. One login can be "crypto" and "exchange" and "high-value" at the same time. No other authenticator does this.
- Zero-knowledge sync. Vault encrypted on-device with Argon2id + AES-256-GCM. The server can't read your codes.
- Export always. Your data is yours, regardless of what happens to us.

fob.codes

#2FA #infosec #authenticator #appsec