I would have expected them to message them, in order to resolve any issues, if I haven’t got access to my old email. Instead, they assume that I still have access to it, by simply emailing the email provider!
If I could do that, I wouldn’t have lost access to it through would I?
There is.
2FA. No, not the fucking “we’ll send you an SMS” bullshit that is increasingly used to just highlight an active phone number for spam purposes. Proper TOTP with the code backed up to a proper service (bare minimum, Bitwarden)
Someone can steal your password and even your email account (unless you TOTP that too…). They still can’t get into your account unless you are an idiot who gets tricked into providing the 2FA key.
In a perfect world? Have your TOTP credentials in one encrypted database/Bitwarden account and your passwords in another. In reality? Just use a trusted service. I used to be a big fan of Keepass but protecting that with a yubikey (or similar) is a huge mess.
Quick question, how do you back up a 2FA “code” to Bitwarden? Sounds like a wise thing to do for my current 2FA accounts.
Really depends on your current tool so RTFM on that.
But when you are activating it in your account? There is a QR code you are supposed to scan. And there is almost always a button like “Having trouble?” or “Show TOTP Key” or whatever. Click that and you get a long alphanumeric string instead. Paste that into the TOTP field for Bitwarden (or Keepass or whatever) and it will generate codes for you.
Once or twice I have had to actually use my phone camera to decode the QR code so that I can manually type in the TOTP code/seed, but I think the last time I did that was in like 2020?
OMFG YEEEEEEESSSSS I HATE THOSE I’m not even super duper security focused I just love the idea of even a bot farm has to guess a code within a 30 second window
Meanwhile sms codes usually expire between a ten minutes and an hour, usually a half hour, but thats if at all
As much as I hate them they’re better than nothing :/
deleted by creator
Would that work with my pin which is the equivalent of 40483770487025502574448? Or is a password better?
I think a pin like that is harder to remember for people, and even to get it using fingerprints is difficult because you cover a lot of the numbers giving false information