• Encrypt-Keeper
    link
    English
    1710 months ago

    Have they given up on their “Passwords are insecure, use this 4 digit pin instead” push?

    • @Specal
      link
      English
      310 months ago

      I just use their Authenticator app out of convenience, I get a notification when I login through it and it asks me to input the correct number given by the app, a 2 digit number.

    • @Flying_Hellfish
      link
      English
      310 months ago

      Not entirely, but now MS, and a lot of other companies, are pushing passkeys. I still prefer password + hardware 2fa but it’s safer than people reusing the same password everywhere.

      • Encrypt-Keeper
        link
        English
        3
        edit-2
        10 months ago

        I am a fan of passkeys. Particularly because they essentially function as hardware 2fa, except they’re the only factor, which isn’t as big of a problem because it’s not something you can steal in a service breach like passwords. I’ve also noticed that even when using passkeys, most sites let you force a TOTP code as well anyway.

        • @Flying_Hellfish
          link
          English
          310 months ago

          Very true, the big issue with them is a lot of popular hardware keys, including the yubikeys that I have, are limited to the number passkeys they can store (yubikey is 25 unique). Luckily password managers are starting to support them, but now you’re back to having a strong password + hardware 2FA to store those passkeys anyway.

          I do like TOTP or just hardware 2FA as a backup for my passkeys. What I really can’t stand is sties that only offer SMS as 2FA, it makes me more angry than it probably should.

          • Encrypt-Keeper
            link
            English
            110 months ago

            iPhones natively support passkeys, so at the very least the iOS user base can easily use them. Not sure about Android though.