I talked to multiple friends today about password security, and I'm shocked to learn that people still use questionable password schemes, and I really see why people are trying to move away from passwords to things like 2FA or hardware tokens. Nobody educates people on how to make good passwords that hold up to security guarantees, and they buy into whatever technology saves them time and effort. It's not a judgement on them, but it's just shocking to me. So let me explain.
@jookia I refuse to use any 2FA that is SMS-based, which is most 2FA systems these days. Its security is questionable at best and prone to social engineering attacks, not to mention that it requires forking over a very trackable and identifiable phone number to function. TOTP or GTFO, I say.
@faoluin I've had the opposite experience: most 2FA I've used is TOTP or uses a proprietary app.
@jookia @email@example.com *Grumbles at the inconvenience of defederation*
One of my old banks used to restrict passwords to no more than ten characters in length. It was insane, and not that long ago.