this post was submitted on 31 Jul 2025
259 points (95.1% liked)

[–] IllNess 10 points 2 days ago (14 children)

Hmm... I'm not sure about having an authenticator app on a desktop computer.

Like you are putting all your eggs in one basket. Password managers and your emails already go to one place for authentication. Adding an authenticator means if your computer is compromised, a person can have access to more accounts.

I always figured this is why desktop authenticator apps aren't a thing.

[–] pulsewidth@lemmy.world 5 points 2 days ago (4 children)

Absolutely. 2FA codes (and 2FA 'single use codes' / recovery codes) should not be stored in the same system that manages your usernames and passwords - it defeats the purpose of 2FA.

But most people will just breeze past advice and do whatever is most convenient.

[–] theherk@lemmy.world 6 points 2 days ago (1 children)

I don’t view it as simply compromised or not. How a password is compromised is relevant. The vast majority of issues aren’t somebody gaining access to your logged-in machine. Passwords are nearly always compromised from a server mishandling data.

That means in most cases 2FA near a password is not likely to be an issue. I’m not saying I recommend it, but it does change the risk evaluation.

[–] pulsewidth@lemmy.world 1 points 1 day ago

People's credentials are increasingly captured by information stealer malware, including attacks on KeePass. It's not just services mishandling their data that people should consider as likely vectors.

I do agree about evaluation - it doesn't matter much with stuff like a forum account that has 2FA, but I certainly wouldn't put any of my banking or key account 2FA backup codes or credentials in a password manager or central account/password storage service. It weakens your protection if something does go wrong.
