Follow

"Do I need a security token like Nitrokey or YubiKey for 'secure' 2FA?"

This depends on your threat model, see also infosec-handbook.eu/blog/discu

If your accounts don't support WebAuthn and/or U2F but time-based one-time passwords (TOTP), you can simply use an app like FreeOTP to generate TOTPs on your smartphone. This is considered more secure and more private than SMS-based 2FA, and you don't need to buy additional hardware.

@infosechandbook You think you could help me configure a USB Security Token/PGP Smartcard I found? I previously sent a photo of the device.
Sign in to participate in the conversation
Mastodon

mastodon.at is a microblogging site that federates with most instances on the Fediverse.