Open lifenautjoe opened 5 years ago
Even Facebook now prefers TOTP via apps like Duo or Google Authenticator, or what's built into 1Password. I'm very much in favor of this method.
I agree with genebean. Also, using SMS for multi-factor is really insecure given that more people have access to SMS on their computers. (Both Android and iOS have this feature natively now.)
My wife has her SMS messages come up all the time on her iPad and my boys read them out loud to her. We can no longer assume that an SMS acct is restricted to one device. And this makes MitM intercepts possible.
I want Fidokeys with pin per mail as fallback. 2FA should be configurable differently for desktop and app.
Shouldn't have to explain the why of this one.
The question remaining is what specifically.
Do we want to implement TOTP? Do we design the UX to prioritise a particular app for this such as Google Authenticator or Authy?
Do we implement SMS text-based 2-factor auth that, although it's not that secure, is easier to use than TOTP?
Input very much welcomed.