because the security key can’t be phished no matter what
Replying to @Pinboard
But TOTP still provides equivalent access to my account, is possible to phish, and I'll still be using it on mobile = my confusion
1 reply 0 retweets 0 likes -
Replying to @michaelstepner @Pinboard
Could argue it reduces attack surface slightly. But which threat model is this securing against? I don't see value > inconvenience
2 replies 0 retweets 0 likes -
Replying to @michaelstepner
threat model is phishing, which works against even very sophisticated users.
1 reply 0 retweets 0 likes -
Replying to @Pinboard
Is the argument: (i)Phones are relatively secure devices, laptops are relatively insecure-->use better 2FA security on your laptop
1 reply 0 retweets 0 likes -
Replying to @michaelstepner
it is! It’s a terrible argument, we’re all waiting for 2FA that works on the iPhone
1 reply 0 retweets 1 like -
Replying to @Pinboard
Agreed! Feedback—despite knowing the ingredients of the argument, I didn't combine them. It's hard to communicate & w many prereqs
2 replies 0 retweets 0 likes -
Replying to @michaelstepner @Pinboard
Also, what are the current stories of TOTP phishing in the wild? Despite paying relatively close attention, I haven't heard them.
1 reply 0 retweets 0 likes -
Replying to @Pinboard
Given the lack of known exploitation, the inconvenience, and the difficulty of the argument—TBH, I think it's not worth making rn.
2 replies 0 retweets 0 likes
strongly disagree, but I understand your thinking