@Fascinatorfun @feditips

And apparently the only way to add 2FA to Mastodon is to use Yet Another(tm) third-party “app”

So that third party - someone unknown to me otherwise - has my phone number *and* all the 2FA transactions I conduct using that app

Why not just send an SMS/text directly to my phone, like my banks and eleventy-dozen other places do?

Why drop an app in there at all?

FediTips has moved!

@FinchHaven @Fascinatorfun

No, the 2FA app has no knowledge of whether you've used it or not. It just passively displays codes related to a particular timestamp and encryption key. It's essentially an elaborate clock.

If you open the 2FA app, its codes will keep changing as the clock ticks, regardless of whether you've used them.

SMS on the other hand DOES give a trail every time it is used. It is also insecure and much easier for hackers to spy on.
