not one time codes, but google authenticator style. SMS for 2FA is a poor choice against seizure.
-
-
Google authenticators needs phone number first; so FB would get phone number in either case.
1 reply 0 retweets 0 likes -
Replying to @zeynep @ramblingpolak and
I understand why SMS isn't a great choice. Not sure best solution for both privacy & security.
1 reply 0 retweets 0 likes -
Replying to @zeynep
I don’t think I’ve ever provided a phone number to enable an authenticator token for any service… When do you get prompted?
1 reply 0 retweets 0 likes -
Replying to @ramblingpolak @zeynep
Usually just scan QR code and you’re up and running.
1 reply 0 retweets 0 likes -
Replying to @ramblingpolak
https://support.google.com/accounts/answer/1066447?hl=en … wants phone number, no? (Don't use that for Google at the moment).
1 reply 0 retweets 0 likes -
Replying to @zeynep @ramblingpolak
My current ideal is a "security key" with a pin; so it can't just be stolen but is also not part of phone. 2.5FA.
2 replies 0 retweets 0 likes -
Replying to @zeynep
https://www.facebook.com/help/270942386330392 … is what i was referring to.
1 reply 0 retweets 0 likes -
Replying to @ramblingpolak
Not too many ways of solid security without providing a phone number in most platforms--I guess besides Google security key?
1 reply 0 retweets 0 likes -
Replying to @zeynep
I use a U2F key where possible, followed by TOTP, and SMS as a last resort. For SMS in most cases a Google Voice # works.
1 reply 0 retweets 0 likes
It's very hard to convince people to use U2F & Google Voice isn't available in all countries but that would be a good order.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.