this post was submitted on 17 Jan 2025
647 points (98.8% liked)
Microblog Memes
2FA is scary - if someone grabs this phone, I can't do any work, can't log in to email to change passwords, can't log in to the bank to report stolen cards, can't even buy another phone online.
This is the issue with the current state of 2FA. It's either text driven (SMS) or it's app driven, like the Microsoft authenticator, as an example.
Often "backups" overlap. Like people will use SMS as a backup to the Microsoft authenticator, when the MS authenticator is on the same device as the phone number for SMS verification.
Real, actual, good MFA only has the problem that people don't keep backup tokens around. If you use a FIDO2 key fob, you really should have a second one that authenticates the same systems the same way, but stored securely away from the one you carry with you.
In that context, backups are actually valid, because if the authenticator is on your keychain and you lose your keys, you have access via a backup on your phone (TOTP or similar).
If you lose your phone, you still have your FIDO2 key as primary authentication.
If you lose both, you go and retrieve your backup security key and use that.
It becomes much more difficult to lose access if you're aware of the limitations of the systems you use. For me, I use a password manager; for login I have biometrics from my PC, biometrics from my laptop, two security key fobs, and a backup TOTP code stashed away. I also got recovery codes and sent them securely to a trusted friend.
The only things not using a password from my password manager are my main email, which is used as a backup/recovery email for most services, my password manager itself, and my primary bank. For all of these I use unique, memorized passwords that are not short. Any service that can use MFA has MFA set up, with the only exception being those that only support SMS as MFA. Fuck that. If FIDO keys are allowed, then I set those up. If not, I use TOTP.
The TOTP keys are backed up and stored securely in an online system built for security for this kind of data.
I have contingencies on contingencies for my own access, but many people don't even have one, or even a plan on what to do if things go sideways.
It's a phenomenon I've noticed a lot; it's like rose-colored glasses for getting things set up. People like to see how it works and get everything operational and happy, with absolutely no thought towards what happens when it fails. How will it fail, and what will we do when it does? How do we recover? How do we continue to operate until everything can be put back together?
They see it's fancy and works for them, and they're super secure because they have MFA, but it's only one kind of MFA, and they only have one of them. But they feel good because they have it.
Then they act shocked when their single MFA method breaks and they lose their accounts because they're stupid.
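The comment above describes a layered setup (FIDO2 key, backup key in a safe, TOTP on the phone, backed-up TOTP seed, recovery codes with a friend) and contrasts it with the common "authenticator app plus SMS on the same phone" arrangement. The following is an added example, not code from the thread or from any of the products named in it: it models each factor with the place it lives in, reports which losses would lock the owner out, computes RFC 6238 TOTP the way both a phone app and a backed-up seed would, and handles recovery codes as single-use secrets stored only as salted hashes. All factor names and locations are constructed for illustration.

```python
"""Added example (not from the thread): model a layered MFA setup and
check which single losses would lock the owner out.

Each factor is tagged with the 'failure domain' it lives in (phone,
keychain, home safe, ...). A backup only helps if it lives in a different
domain than the factor it backs up; SMS codes sent to the same phone that
runs the authenticator app share one domain. Names are constructed."""

import hashlib
import hmac
import secrets
import struct
import time
from itertools import combinations

# Constructed inventory in the spirit of the comment: (factor, failure domain)
LAYERED_SETUP = [
    ("fido2_key_primary", "keychain"),
    ("fido2_key_backup", "home_safe"),
    ("totp_app", "phone"),
    ("totp_seed_backup", "encrypted_vault"),
    ("recovery_codes", "trusted_friend"),
]

# The overlap the comment criticizes: authenticator app and SMS on one phone
OVERLAPPING_SETUP = [
    ("authenticator_app", "phone"),
    ("sms_code", "phone"),
]


def lockout_scenarios(setup, max_losses=2):
    """Return every combination of up to max_losses failure domains whose
    loss removes all registered factors, i.e. locks the owner out."""
    domains = sorted({domain for _, domain in setup})
    lockouts = []
    for k in range(1, max_losses + 1):
        for lost in combinations(domains, k):
            remaining = [f for f, d in setup if d not in lost]
            if not remaining:
                lockouts.append(lost)
    return lockouts


def totp(secret, for_time=None, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1. A phone app and a backed-up copy of
    the seed compute the same code, which is why the seed is worth storing."""
    now = time.time() if for_time is None else for_time
    counter = int(now // step)
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class RecoveryCodeStore:
    """Single-use recovery codes: plaintext is shown once to the owner, the
    verifier keeps only salted SHA-256 hashes, and redeeming deletes the hash."""

    def __init__(self, n=8):
        self.salt = secrets.token_bytes(16)
        codes = [secrets.token_hex(5) for _ in range(n)]  # 10 hex chars each
        self._hashes = {self._hash(c) for c in codes}
        self.plaintext_once = codes  # hand these to the owner, then drop them

    def _hash(self, code):
        return hashlib.sha256(self.salt + code.encode()).hexdigest()

    def remaining(self):
        return len(self._hashes)

    def redeem(self, code):
        """True exactly once per valid code; a replayed or unknown code fails."""
        h = self._hash(code)
        if h in self._hashes:
            self._hashes.remove(h)
            return True
        return False


if __name__ == "__main__":
    print("layered setup lockouts:", lockout_scenarios(LAYERED_SETUP))
    print("overlapping setup lockouts:", lockout_scenarios(OVERLAPPING_SETUP))
    seed = secrets.token_bytes(20)
    print("phone app and backup seed agree:", totp(seed) == totp(seed))
    store = RecoveryCodeStore(4)
    first = store.plaintext_once[0]
    print("redeem once:", store.redeem(first), "replay:", store.redeem(first))
```

Run as a script it shows the layered setup surviving any loss of two locations while the phone-only setup has a single point of failure; `lockout_scenarios` generalizes beyond the comment's two cases to any inventory of factors and domains.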