@r000t @0xabad1dea not exactly, back in 2000, my Swiss bank had a 2fa (kinda). I received by post a small cardboard with an 8*12 table populated with numbers. And each time I logged in, I had to provide a number: A9, J2, etc.
@Kye @flore @0xabad1dea nah, I don't remember what it's called, but LastPass in the early 2010s had it as a free-tier 2FA feature. The codes aren't "burned" as they're used like an OTP would be, you're just asked to provide random values from the grid. Sorta like early video game DRM.
@r000t @flore @0xabad1dea I still remember the recommended speed for an asteroid field in Wing Commander because it was one of the answers to the DRM questions.
@r000t @Kye @0xabad1dea it's not a TOTP, right. But it's still a 2nd factor: something you own (in addition to the password: something you know)
@flore @r000t @0xabad1dea The authentication apps on phones are more convenient (and they're locked to the phone, so also 'something you have'), but I'm still terrified by what will happen if/when my phone breaks. (Yes, I do have some recovery codes.)
@tpuddle @flore @0xabad1dea In theory, an attacker could collect the whole card 4-5 cells at a time with each auth he's able to monitor. So while it's still going to stop 99%+ of attacks, TOTP and webauthn are technically better. As for your backups when enrolling a phone app, store the shared secret somewhere, or a copy of the QR code. Nicer third party TOTP apps let you back up their whole database but keeping the shared secrets is portable.
@r000t @tpuddle @0xabad1dea As I said it was in 2000 (before 2003), so smartphones didn't exist.
@flore @r000t @0xabad1dea That's known as a one time pad.
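
The risk raised earlier in the thread, that grid-card cells are reused and so leak a few at a time to anyone who can watch logins, can be put into numbers. This Python sketch is an added example, not part of the thread; it assumes each login challenges `k` distinct cells drawn uniformly at random from the 8*12 card and that the observer sees both challenge and answer.

```python
from math import comb

CARD_CELLS = 8 * 12  # grid size mentioned in the thread


def expected_known(logins, k, cells=CARD_CELLS):
    """Expected number of distinct cells exposed after `logins` observed challenges."""
    return cells * (1 - (1 - k / cells) ** logins)


def known_distribution(logins, k, cells=CARD_CELLS):
    """Exact distribution of the number of exposed cells (index = cell count)."""
    total = comb(cells, k)
    dist = [1.0] + [0.0] * cells          # nothing exposed before the first login
    for _ in range(logins):
        nxt = [0.0] * (cells + 1)
        for m, p in enumerate(dist):
            if p == 0.0:
                continue
            # j = how many of the k challenged cells were not yet exposed
            for j in range(min(k, cells - m) + 1):
                nxt[m + j] += p * comb(cells - m, j) * comb(m, k - j) / total
        dist = nxt
    return dist


def replay_success(logins, k, cells=CARD_CELLS):
    """Probability that a fresh challenge uses only cells already exposed."""
    total = comb(cells, k)
    dist = known_distribution(logins, k, cells)
    return sum(p * comb(m, k) / total for m, p in enumerate(dist))


if __name__ == "__main__":
    # Assumed challenge sizes: 1 cell (as in the bank card post) and 4 cells
    for k in (1, 4):
        for n in (10, 50, 100, 200):
            print(f"k={k} logins={n:3d} "
                  f"exposed~{expected_known(n, k):5.1f}/{CARD_CELLS} "
                  f"P(replay)={replay_success(n, k):.3f}")
```

A TOTP or WebAuthn response is bound to a time step or a server challenge, so the same observation yields nothing reusable, which is the distinction the thread draws.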