This is why 2FA is awful. https://twitter.com/info_dox/status/856385086769569792 …
-
This Tweet is unavailable.
-
Replying to @RichFelker
Solution for advanced users: id_rsa on public site, strong passphrase = ability to re-establish auth roots from anywhere with new device.
4 replies 1 retweet 2 likes -
Replying to @RichFelker
One important caveat: if you think passphrase may be compromised, you must delete pubkey from trust. Changing passphrase doesn't help.
1 reply 0 retweets 2 likes -
Replying to @RichFelker
what would be the advantage over using the password directly?
1 reply 0 retweets 0 likes -
Replying to @f0rki
You can use the same key for multiple/all sites. Only one passphrase to remember.
1 reply 0 retweets 0 likes -
Replying to @RichFelker
ah ok yeah true that's easier to manage. and then access a pw-manager via the key for other sites?
1 reply 0 retweets 0 likes
Yeah. Of course ssh is just my preferred "auth root". An alternative for other users would be putting your encrypted pw-mgr file on pub site
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.