This also is not entirely accurate. I checked the options, and only two exist: SMS or authenticator app. Both phone-based.
Mobile phones are the least secure device that you are likely to own, so using them as authenticators is unwise.
This isn’t entirely true. The authenticator app option works with any OTP client. In fact, I’m storing my GitHub 2FA token inside of a KeePassXC database! You could also store it in something like password-store’s pass-otp and let your client of choice handle it.
Okay, you got me stumped here
Either I added my 3x Yubikey security keys prior to that feature being taken away, or there’s a bug, or there’s some condition that has to be met before you can add security keys to your account: are you using a compatible web browser (e.g. recent Firefox), and have you downloaded/viewed/printed your recovery codes?
Un-nuanced absolutist statements like this grind my gears a little, haha
SMS is plain-text, and codes from the authenticator apps (and possibly also the GitHub Mobile app) can be phished, so in this regard I agree that the security key option offers the strongest safety/privacy, but those other phone options are still better than nothing for the majority of users
As far as devices I own, the only TV I could buy here was one running Android 10 without any software updates in the last 2 years. I feel I can confidently state that the TV is less secure than the phone I bought this year with an OS patch from this month