pull down to refresh
Yeah, once I asked Tutanota's customer service, and they told me it would only be from my end if I click any link or provide the OTP to a phishing site. But nowadays I am seeing everyone recommending passkey as they say TOTP is not safe. I'm really not sure why they're saying this; are they making us extra panicking?
It can, but not if you're using something like google auth and syncing it to your gmail account. Because once they gain access to your gmail account, they have access to your 2nd factor auth method and can login to any accounts that use those two factors. That's why many of these attackers go after the gmail account.
I think Google Authenticator is fine as long as you don’t enable the cloud sync feature or whatever it’s called. I haven’t don’t a thorough analysis of it, though
But there isn't even a point connecting everything to one service when you have such better alternatives.
Read this :
https://www.keepersecurity.com/blog/2024/07/03/google-authenticator-vs-keeper/
Google Authenticator does not provide end-to-end encryption, which makes it susceptible to hackers. If there's a data breach or someone compromises your Google account, all your 2FA secrets will be unprotected.
Can TOTP-based 2FA help prevent email hijacking?