I’m seeing more and more companies going #passwordless by removing the option for a password and just sending a #totp one-time password via #email.
I’m not a #security researcher (just a lowly software engineer), but this feels like they are making my account less secure and my email inbox an even greater target.
@noiob I am not saying they are guaranteed to use the same RFC 6238 algorithm, but it sure does feel like it. The fact somebody is sending the code instead of me just getting it from my own source:
- is one of the things I really dislike about the entire idea
- shouldn’t have eliminated the password, but just made it a second factor (in this case having access to my email as some proof of “something”)
- doesn’t automatically make it not totp in my understanding, it’s just that one party is both client and server (brr)