jvanderbot 9 days ago

Did people not realize they can save their 2fa token and just use that with a new authenticator?

I haven't used a phone 2fa forever, but it was a much better system than this "email me a code" BS.

0xCMP 9 days ago

I do something similar with KeePass because a lot of my 2FA is stored on my YubiKey. When I register with YubiKey I also register with a KeePass vault intended as a "break-incase-of-emergency". So rarely opened and with lots of security options set to max.

rPlayer6554 9 days ago

For a long time 2fa apps (other than Bitwarden and maybe some others) would lock you into the app and not let you export it. Websites don’t usually expose the text version of the code, just the QR.

electroly 9 days ago

I recently switched from Authy to 1Password for 2FA, requiring me to set up every single website's 2FA from scratch, and I found that every website I use provides the text version of the code. It's hidden behind a "having a problem scanning the code?" link. I didn't need to take a single screenshot of a QR code; I was able to save the text version for them all. Next time I switch, it'll be easy.

jandrese 9 days ago

I've never found a TOTP site that didn't also have a "click to show the code" option. It's usually in small print at the bottom, but it's there.

seplox 9 days ago

It's easy to screenshot or physically print a QR code during setup.

20after4 9 days ago

There are desktop TOTP apps that will decode the QR code from a screenshot in the clipboard.

bvrmn 9 days ago

QR has a trivial format and the code is easily extractable.

rPlayer6554 9 days ago

Spot the developer who never had to set up anything for his mom.

jvanderbot 9 days ago

Almost all (not you, Steam) allow saying "I cannot take a picture" or "Enter manually".

But you're right, it's not perfect but has gotten better. Just in time to be of no use thanks to email BS.

phkahler 9 days ago

>> Did people not realize they can save their 2fa token and just use that with a new authenticator?

What's 2fa token? Is that an AI thing? AI uses tokens. Or a crypto thing? Do you need one of them "nonfungible" tokens? And what's an authenticator? I have MS authenticator for work, but it uses 2 digit numbers, are those tokens?

bobbylarrybobby 9 days ago

Not sure if I'm missing a joke, but the 2fa token is a secret that you stick in your password manager and sync (or otherwise send) to other devices so that your 2fa is not bound to a particular device. My password manager lets me view the 2fa secret as if it were just another password.

phkahler 8 days ago

Yes, I was joking. I'm not up on all the options and I'm an engineer who reads HN. What chance does Joe Public have of making sense of all these things?

nilamo 9 days ago

2fa is two factor authentication. User+password is the first factor, and is a "something you know" check. The second factor is a "something you have" check. Like sending you an SMS code.

They exist so if someone watches over your shoulder while typing your password, they don't gain access to anything.