| Beijinger 4 days ago |
| "reset the Coinbase" You must be insane to use gmail for anything like banking, crypto, domains. I lost access to my gmail account. I know the PW but I can't access the 2 factor authentication anymore. |
|
| kevin_thibedeau 4 days ago |
| This is why 2FA isn't all it's cracked up to be. Strong passwords kept in your head are less brittle than managing something you can lose. If you have a real support channel (like employer IT) to deal with loss it's workable. Online services with no support is just asking for trouble. |
| |
| TheDong 4 days ago |
| 2FA can be all it's cracked up to be. A Yubikey you have to physically possess, and physically touch, to log in to a site is completely immune to this. Yes, you need to buy hardware, yes, you need 1 or more backup yubikeys in a bank safe somewhere in case your primary one breaks, but it is actually safe. Strong passwords in your head are bad because they're even more phish-able. Like, with FIDO2, my yubikey will not log in to "fake-coinbase.com", the attacker cannot proxy the data they get from the yubikey. For 2FA TOTP codes and for passwords, a phishing page can just proxy through the stuff to the real coinbase and log in (as happened in this attack). |
| Beijinger 3 days ago |
| Yubikey is great. But I would be scared as f. to lose it when traveling abroad. Sure, have a second one at home that can be Fedexed to you. |
| |
| commandersaki 3 days ago |
| Eh just use a password manager; I use 1Password, it syncs to all my devices, I keep backups of everything (export primarily in json), autofills the 2fa codes, etc. |
|
|
| digianarchist 4 days ago |
| 1password + hardware keys - I am not a large target though and use crypto transactionally. |
|
| nixosbestos 4 days ago |
| I'd certainly be insane to take security advice from people who don't use password managers |
| |
| john_the_writer 3 days ago |
| I mean. I have a little book on my desk with password hints. "2nd grade best friends phone number", "birthday of first dog". It also has a grid of random numbers/letters on the front page, so I can write "first_crush_b4*5". You'd have to have physical access to the book, and know what the hint leads to. It's un-hackable. I mean aside from social, or physically breaking into my house. |
| nixosbestos 3 days ago |
| Which doesn't do a darned thing to keep you from getting phished. Which again, keeps popping up on HN, over and over and over. |
| |
| nixosbestos 4 days ago |
| Downvote all you want, this is the third time in a month that basically "opsec" failure would've been prevented by a password manager that binds to domains, or passkeys. Both of which people regularly kvetch about here. |
|