consider securing your accounts with 2FA
But authy is the 2FA - what should their users be doing?
That line makes me think AI text generation was involved (or the author didn't understand what Authy does).
It's still a good idea to switch on 2FA and switch to TOTP for services that still use SMS.
Yeah I was curious whether that was an AI hallucination
Not using cloud based 2fa which is dumb to begin with
Okay but they're already using it so its a bit late for that.
Lol so what do you do when the 2fa app you use to protect your accounts is breached?
Authy just leaked a list of phone numbers. No actual 2FA data was breached. Even if it were, attackers would need your backup encryption password to access any 2FA keys.
You may get more phishing texts, but that's about it.
Don't use cloud based 2fa and you won't need to wonder about this.
Aegis is one of several opensource 2fa apps you can use instead.
Ok, but what happens if your phone gets stolen?
The same as for anything else if your phone gets stolen. You restore from backups.
Aegis allows you to make a backup that you can keep yourself on your computer, your own cloud storage etc.
Every OS has some kind of built in vault/encryption feature. Put the file in there. It only needs to be updated when you add another 2fa account (so very infrequently)
Good question. You would need to start by changing all your account passwords. Next export your 2 factor auth codes. Import your auth codes in a good open source auth app. Then, one by one set new auth codes for your accounts.
This should be sufficient to protect your online accounts.
Wouldn't it be great if independent auditors were standard, responsible for holding companies accountable for their data security practices, coupled with a rating system akin to those used in the banking sector? Before paying for a service, consumers would be aware of how secure the service is. Say A++ or AAA.
It would be a pain in Silicon Valley's ass for sure, but it would go a long way toward giving consumers peace of mind and bringing about a whole new industry in the process.
Rating schemes inevitably become subject to gaming and P2W.
Service providers need to be honest about their stack and its implementation, and people need to git gud.
coupled with a rating system akin to those used in the banking sector
No. No, that really would not be great.
The real important reminder here is that you should never use SMS as your 2FA delivery method. Phone numbers aren't private and once associated with an account it's far too easy to spoof/sim swap and intercept the code.
Someone needs to convince US Banks of this
That shit drives me nuts. Wanna be trusted with my life savings, but they can't be bothered to implement modern security features until they're already being phased out. I don't know what will replace modern 2FA schemes, but I guarantee banks will adopt the current ones about three years after the replacements become standard.
Also, they're charging you a poor tax for not having enough money, whether that's a minimum balance or just accidentally spending a nickel more than you had on hand.
Avoid using services that ask for your phone number, for your own good.
Unfortunately all of them do, and if you don't give it to them they won't let you sign up
Is there a service that can't be used without a phone number and has no alternative?
Phone service.
🙃 There might be a few exceptions.
Twilio has a really cool API that lets you resolve phone numbers to what carrier and if it's been ported.
Shame to see they got pwned.
Just moved all my 2FA over to Bitwarden and Bitwarden Authenticator, and deleted my Authy account. I'd already been using it for passwords, so it was a natural fit.
Whoops my bad
The new home of /r/Android on Lemmy and the Fediverse!
Android news, reviews, tips, and discussions about rooting, tutorials, and apps.
🔗Universal Link: !android@lemdro.id
💡Content Philosophy:
Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.
Support, technical, or app related questions belong in: !askandroid@lemdro.id
For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id
📰Our communities below
Stay on topic: All posts should be related to the Android OS or ecosystem.
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
No affiliate links: Posting affiliate links is not allowed.
Our Communities
Lemmy App List
Chat and More