Favorites - This is incredibly well said and I agree 100%. I’ll just add that software...

IHawkMike , 1 month ago

This is incredibly well said and I agree 100%. I’ll just add that software TOTP is weaker than the MS Authenticator with number matching because the TOTP seed can still be intercepted and/or stolen by an attacker.

Ever notice that TOTP can be backed up and restored to a new device? If it can be transferred, then the device no longer counts for the “something you have” second factor in my threat model.

While I prefer pure phishing-resistant MFA methods (FIDO2, WHFB, or CBA), the support isn’t quite there yet for mobile devices (especially mobile browsers) so the MS Authenticator is the best alternative we have.

Reply

Report

Activity

Open original URL

Copy original URL

Copy Mbin URL

Loading...

AdamEatsAss 1 month ago
zzz711 1 month ago
praz4lemmy 1 month ago
Mortoc 1 month ago
attorneyirl 1 month ago
AtariDump 1 month ago
zxcq 1 month ago
silverdraco 1 month ago
CopernicusQwark 1 month ago
TeryVeneno 1 month ago
HeyThisIsntTheYMCA 1 month ago
Kiwaloo 1 month ago
ThatsMyPurseIDontKnowYou 1 month ago
agoseris 1 month ago
Kaiyoto 1 month ago
Gurfaild 1 month ago
Evoliddaw 1 month ago
intrapt 1 month ago
Tramort 1 month ago