this post was submitted on 31 Jul 2025
251 points (94.7% liked)

Technology

73457 readers
3831 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
251
Proton releases a new app for two-factor authentication (techcrunch.com)
submitted 1 day ago* (last edited 1 day ago) by RmDebArc_5@piefed.zip to c/technology@lemmy.world
95 comments fedilink hide all child comments
 

cross-posted from: https://piefed.zip/post/289079

Proton Authenticator Blogpost

you are viewing a single comment's thread
view the rest of the comments
[–] RoadTrain@lemdro.id 6 points 1 day ago (2 children)

So the two-factor authentication apps shouldn't be on desktop argument never made sense to me, mobile is the same way.

I think that argument was rooted in the assumption that the phone was a separate and smaller attack surface. The assumption is reasonable if you use your credentials mostly on desktop and only have a few apps on your phone, which was indeed the case for a lot of people in the past.

But nowadays, a lot of people use the same credentials on the phone just as well, and with everything asking to install their app, I'm not sure the attack surface really is smaller anymore. So, if you're in this scenario, I agree with you that you may not be sacrificing much by having 2FA on desktop.

And, of course, 2FA, even in the same password manager, is still better than none. Your first factor can be stolen in more ways than just compromising your machine, for example through data breaches.

[–] IllNess@infosec.pub 1 points 1 day ago

But nowadays, a lot of people use the same credentials on the phone just as well, and with everything asking to install their app, I’m not sure the attack surface really is smaller anymore. So, if you’re in this scenario, I agree with you that you may not be sacrificing much by having 2FA on desktop.

This makes sense and puts holes in my statement. I also feel like more people are willing to install shady stuff on their phones than their desktop now. I have no sources for this though.

[–] Pika@sh.itjust.works 1 points 1 day ago

That makes sense. I hadn't really looked at it from the angle of most apps are going on devices anyway. Mine was just because of the fact that it's super annoying having to have my phone on me at all times for two-factor authentication. Especially considering that most 2FA apps require you to sign in in order to use them anyway.

Also, yeah, that was my ideology when I threw them into my password manager. That if they can manage to breach a device, find my private key that's used to lock the database and figure out the password for the database. Something far worse has gone wrong and losing my passwords is the least of my issues.