procombo | 3 years ago

Authenticator apps, and SMS help them derive you have identity -- which is more secure for them and you. Hardware token via WebAuthn (etc) is only more secure for you.

When they say "for the sake of security" they mean for them too.

There's a reason they want you to verify using one of the first two methods first.

dns_snek | 3 years ago

> Authenticator apps, and SMS help them derive you have identity

How do they do that?

TOTP (i.e. authenticator apps) is a simple algorithm where the value is derived from a secret key and current time. It certainly doesn't verify anything about you.

anticensor | 3 years ago

By making the initial TOTP secret different for everyone.