@BrodieOnLinux @sourcerer #iTAN > #SMS-TAN!

@thatguyoverthere @BrodieOnLinux

Just use a pencil or pen to tick out those you used. #ProblemSolved

Sarcasm aside, they also allow and encourage me to store my recovery codes seperately, thus they can also allow me to do the same with #TANs to #2FA, and with #iTAN they mitigate or at least vastly reduce the success rate of shouldersurfers gaining valid TANs...

@thatguyoverthere @BrodieOnLinux Let's just say that if #Github wants to mandate #2FA they need to make it even more accessible than #git is.

If I can't fit it on an #OS1337 boot floppy and keep it fully airgapped on paper without knowing time and date, it's shit.

If banks accept #iTAN to do million-euro transactions than Github can so too...
https://mstdn.social/@kkarhan/110965679190470398

@thatguyoverthere @BrodieOnLinux

Also yes, all #iTAN implementations will cross out all used TANs and the last 2-5 are used to auth a new iTAN sheet...

And the best part of it: those can be perfectly seperated and don't need anything but paper and ink to put them on.

Personally, I do want my shit to be so secure that I can't backdoor it at gunpoint without the ability to commit asset denial towards the attacker...

Call me weird, but I'd be dead for over a decade if I wasn't that cautious...

@10volt @thatguyoverthere @BrodieOnLinux

#iTAN are numerized, pre-generated TANs that get requested for randomized 2FA...
https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_(iTAN)

And no, #TOTP / #HOTP & #SMS-#TAN are NOT practical for numerous reasons I CANNOT disclose...
https://mstdn.social/@kkarhan/110975936045776700

@thatguyoverthere @BrodieOnLinux I've yet to see any vulns re: #iTAN|s...

They worked fine two decades ago and they work fine to this day...

If they don't like 8-digit numerals they could just go with the wholse #Base64 like I did here...
https://github.com/kkarhan/misc-scripts/blob/7709dfdd907debe0912bbcc0fe7cbb694a0474d2/bash/.bash_aliases#L22

@BrodieOnLinux it means that if #GitHub doesn't support any good #offline - capable #2FA like #iTAN, a lot of folks won't use it at all!

Espechally since they don't support EVERY NATION AND NETWORK nor can one expect to have a dedicaded and secure phone number for that!

@jhwgh1968 they could've chose to go with #iTAN|s instead...

https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_.28iTAN.29

Pasadizo
#Fotografía #SolamenteItan #Tunel #Pasadizo #Ladrillos #Tubería #Subterráneo #Móvil #SafeCreative #2305214374632
CopyLeft -- by-sa-4.0 #Itan
https://www.flickr.com/photos/solamente_itan/52913869132

@dalias @alexandria

and:
- you're forced to flee someplace and everyone around you will try to KOS you if they identify you.

Again: #TAN or rather #iTAN is the next best option.
https://mstdn.social/@kkarhan/110271086419549862

@alexandria that basically only allows #iTAN as method, since those can be printed out or stored otherwise.
https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_(iTAN)

If necessary, the system would generate a new iTAN each time after successful login and demanding it for the next login, and so forth.

@dkiesow I think they can win but need to be decisive in front of goal. #Itan will also be playing for everything.

#Itan #thai #truck photos

#Itan #thai #truck photos

Drei Monate vor dem Ende immer noch kein Wort von meiner Bank dazu, dass #iTAN abgeschafft wird. Alternativen werden nicht beworben. Irgendwo auf den Webseiten versteckt gibt es einen Antrag zum ausdrucken zum mTAN Verfahren, welches heute aber auch nicht mehr als sicher gilt. Andere Alternativen gibt es nicht.