This is why 2FA is awful. https://twitter.com/info_dox/status/856385086769569792 …
-
One important caveat: if you think passphrase may be compromised, you must delete pubkey from trust. Changing passphrase doesn't help.
-
what would be the advantage over using the password directly?
-
You can use the same key for multiple/all sites. Only one passphrase to remember.
-
ah ok yeah true that's easier to manage. and then access a pw-manager via the key for other sites?
-
Yeah. Of course ssh is just my preferred "auth root". An alternative for other users would be putting your encrypted pw-mgr file on pub site
-
How about a set of S/KEY sequences on a small index card in your wallet? (I've never done that so I'm genuinely curious.)
-
I used to use various OTP schemes when travelling, but "something you know" is harder to lose than "something you have".
-
And I trust math more than physical safety of wallet.
-
Depends very much on your attack scenario. Private key files only have their KDF to defend them. Easy to parallelize brute force.
-
Yes, you need a really strong passphrase.
-
My problem is deciding between "something I'll forget" and "something I'll lose"