this post was submitted on 05 Jun 2024
48 points (78.6% liked)
Open Source
31438 readers
195 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If you're not already using 2fa everywhere you can, you're already doing it wrong.
2FA is for people who don't know how to use randomized passwords for every site
Brilliant. Until that website's unsalted pw database is downloaded through a SQL injection.
Use both. You're not smarter than security professionals.
So yes, it is slightly better, but in practice that difference probably doesn't matter. If you use U2F then you may have a meaningful security increase but IMHO U2F is not practical to use on every site due to basically being impossible to manage credentials.
So yes, it is better. But for me using random passwords and a password manager it isn't worth the bother.
Called it
The day your machine is compromised is also the day ALL your passwords get stolen.
2FA is annoying and not necessary for most things.
Yeah I just want to type my name to be able to withdraw money from my bank account. No pesky pins or passwords or any form of authentication /s
Even in my bank's ATM there's only one password, not 2FA. 2FA is 2 factor auth, there's no 2FA in the ATMs.
It doesn't mean the initial password isn't a layer of authentication, but strictly speaking where I live all ATMs do not employ 2FA.
The two factors at an ATM are possession of your bank card + knowledge of your pin. (it also takes your photo, for good measure)
GitHub will happily accept a smart card or whatever, if an extra plastic rectangle jives with you more than an OTP generator.
Card is your username duh. Some people are beyond saving.
The card number is your username, a physical card is a separate factor.
"Something you have" is absolutely not equivalent to "something you know"
You are completely unable to enter this conversation, but you think you're the smartest one in the room.
I bet you're insufferable.
You only need a password for the ATM, not a card and a password, which are two factors?
All security is annoying. Oh well.