0 sats \ 8 replies \ @NovaRift 19h \ on: Even VPs at Blockstream are getting phished. Do not answer the phone. security
Can TOTP-based 2FA help prevent email hijacking?
Yeah, once I asked Tutanota's customer service, and they told me it would only be from my end if I click any link or provide the OTP to a phishing site. But nowadays I am seeing everyone recommending passkeys, as they say TOTP is not safe. I'm really not sure why they're saying this; are they making us extra panicked?
It can, but not if you're using something like Google Auth and syncing it to your Gmail account. Because once they gain access to your Gmail account, they have access to your 2nd factor auth method and can log in to any accounts that use those two factors. That's why many of these attackers go after the Gmail account.
I think Google Authenticator is fine as long as you don’t enable the cloud sync feature or whatever it’s called. I haven’t done a thorough analysis of it, though.
But there isn't even a point in connecting everything to one service when you have such better alternatives.
Read this:
Google Authenticator does not provide end-to-end encryption, which makes it susceptible to hackers. If there's a data breach or someone compromises your Google account, all your 2FA secrets will be unprotected.
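
An added illustration of the points raised in this thread (not part of any participant's post): a small RFC 6238 TOTP generator and verifier in Python. It shows that a code is derived only from the shared secret and the clock, so any copy of the secret (for example one held in a synced backup) yields the same codes, and the server-side check carries no information about which site or device the code came from. The secret is the RFC test key, and the function names are chosen for this example.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (the common default)

def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the only inputs are the secret and the time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32: str, code: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check: accept a matching code within +/- `window` steps.
    Nothing in the code or the check identifies the origin it was entered on."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + d * STEP), code)
        for d in range(-window, window + 1)
    )

# Constructed sample: the RFC 4226/6238 test key "12345678901234567890" in base32.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def demo():
    now = 59  # RFC 6238 test time
    device_code = totp(SECRET, now)        # authenticator app on the phone
    copied_secret_code = totp(SECRET, now) # any other holder of the same secret
    still_valid_later = verify(SECRET, device_code, now + 20)
    expired = verify(SECRET, device_code, now + 120)
    return device_code, copied_secret_code, still_valid_later, expired

if __name__ == "__main__":
    print(demo())
```

The comparison with passkeys follows from this: a passkey signature is bound to the site's origin, whereas the six digits above are valid wherever they are submitted until the time window closes.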