tadamcz 4 days ago

Using a security key as 2FA instead of TOTP would have prevented this attack, right?

If you maintain popular open source packages, for the love of God, get yourself a couple of security keys.

SahAssar 4 days ago

Well, that would also require all the services to support WebAuthn/FIDO, which a lot of them don't. Some who do support it only allow one key or trivial bypass via "security questions".