this post was submitted on 31 Jul 2025
268 points (95.0% liked)
Technology
Absolutely. 2FA codes (and 2FA 'single use codes' / recovery codes) should not be stored in the same system that manages your usernames and passwords - it defeats the purpose of 2FA.
But most people will just breeze past advice and do whatever is most convenient.
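To make the first point concrete: a TOTP "2FA code" is computed from a shared seed (RFC 6238 over RFC 4226), so whoever holds the seed can produce every future code. The following is an added illustration, not code from the original thread; the vault record and its seed are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample password-manager record that also holds the TOTP seed.
# The seed is a made-up base32 string, not from any real account.
VAULT_ENTRY = {
    "site": "example.com",
    "username": "alice",
    "password": "correct horse battery staple",
    "totp_secret": "JBSWY3DPEHPK3PXP",  # constructed demo seed
}


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer, reduced modulo 10**digits."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to floor(unix_time / step)."""
    return hotp(secret_b32, at // step, digits)


def factors_from_vault(entry: dict, at: int) -> dict:
    """What a copy of the vault record yields at unix time `at`.

    With the seed stored in the vault, the record alone produces the
    username, the password and a valid current code, i.e. both factors.
    If the seed is kept elsewhere (entry has no 'totp_secret'), the record
    yields the password only, and the second factor still has to be obtained
    from the separate device."""
    seed = entry.get("totp_secret")
    return {
        "username": entry["username"],
        "password": entry["password"],
        "otp": totp(seed, at) if seed else None,
    }
```

The functions are checked against the RFC 4226 / RFC 6238 reference vectors (ASCII seed "12345678901234567890"), so the codes they produce match what a standard authenticator app would show.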
I don’t view it as simply compromised or not. How a password is compromised is relevant. The vast majority of issues aren’t somebody gaining access to your logged in machine. Passwords are nearly always compromised from a server mishandling data.
That means in most cases 2FA near a password is not likely to be an issue. I’m not saying I recommend it, but it does change the risk evaluation.
People's credentials are increasingly captured by information stealer malware, including attacks on KeePass. It's not just services mishandling their data that people should consider as likely vectors.
I do agree about evaluation - it doesn't matter much with stuff like a forum account that has 2FA, but I certainly wouldn't put any of my banking or key account 2FA backup codes or credentials in a password manager or central account/password storage service. It weakens your protection if something does go wrong.
I am (was?) one of those. Working on eliminating or changing the passwords and emails of my 550+ accounts. I'm creating a SimpleLogin email for each of the ones I'm keeping, setting up a randomly generated password for each as well (24+ characters long with every possible character available), trying to delete the accounts of services I don't want/need anymore, and then setting up 2FA on Aegis if they don't accept a hardware token.
But it's an intense and long process, though absolutely worth it. With work and personal life, I'm guessing I can be done in a couple of weeks.