@10volt @thatguyoverthere @BrodieOnLinux

#iTAN are numerized, pre-generated TANs that get requested for randomized 2FA...
https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_(iTAN)

And no, #TOTP / #HOTP & #SMS-#TAN are NOT practical for numerous reasons I CANNOT disclose...
https://mstdn.social/@kkarhan/110975936045776700

@kennwhite +9001%

In the end there's always a form of "password"...

#Cookies", "#SessionID|s", "#TOTP"/"#HOTP" & #FIDO2 are just fanier ways to implement Passwords by making them change automagically...

@mysk I'd rather recommend to avoid it at all costs and choose a non-proprietary #2FA method like #HOTP (#RFC4226) & #TOTP (#RFC6238)...

Like FreeOTP+ does:
https://f-droid.org/en/packages/org.liberty.android.freeotpplus/

@macrumors Prefer ungoogled apps like this:
https://freeotp.github.io/
#FreeOTP implements open standards: #HOTP and #TOTP. This means that no proprietary server-side component is necessary: use any server-side component that implements these standards. We recommend FreeIPA.

Aegis Authenticator is a great opensource android app to store and manage access tokens. It can also import/export tokens, see official page for more info:

https://getaegis.app

dev: https://github.com/beemdevelopment/Aegis

#2FA #HOTP #encryption #security #android #app #androidapp #opensource

RT @TraumaCareUK@twitter.com

Last months Hot Off The Press Webinar, presented by Elaine Cole and George Peck is now available on our YouTube Page. Just go to https://youtu.be/Hu1Jgm0zy7w to watch and get your CPD Certificate. You can find the link to the certificate in the description!
#CPD #HOTP #Webinar #FOAMed

🐦🔗: https://twitter.com/TraumaCareUK/status/1603691738320756736

MY FAMILY IS HERE, MAKING CHAOS!!!

RT @OboeLauren@twitter.com

@idlechampions@twitter.com @mockman@twitter.com Look at all these Heroes of the Planes!! #HotP

🐦🔗: https://twitter.com/OboeLauren/status/1601354297433763840

@pink @IzzyOnDroid
Tja, wenn MS ein #HOTP als #TOTP interpretiert... :blobcatdizzy:

Aus Deinem verlinkten Artikel:
But it only supports TOTP tokens. This would be fine if this app would NOT accept QR codes if HOTP tokens.
But it does - and simply treats them as TOTP.

@Troll Solution : #HOTP (RFC 4226), au lieu de #TOTP. (Mais il a d'autres inconvénients, la vie n'est pas facile, ma bonne dame.)

What's the best #TOTP / #HOTP app for Android (a la Google Authenticator) with features such that if I lose my phone etc, I don't have to set up #2FA with 50 accounts all over again? So like a daily backup of the keys or whatever to a file on the device, or somewhere that doesn't give Google / the NSA access to all my shit.