It feels like the factors of authentication discussion misses one important aspect: can the factor be replayed. Passwords can be replayed indefinitely, while the email links you get or the OTP token only work for a short period of time.

I remember it from the bad days when I used LastPass. Suddenly I got a notification that the place had been compromised and I had to suddenly change hundreds of passwords. 90% of them were for sites that didn't even exist any longer, but sifting through the long, long list to go change passwords was more work than I wanted to do.

Don't have to do that if I need to use a one-time token via Aegis or email! I do agree, though, that for low risk sites, username/password is totally fine.

[–] zea_64@lemmy.blahaj.zone 3 points 2 weeks ago

It's a neat option, but should not be forced.

[–] lessthanluigi@lemmy.sdf.org 2 points 2 weeks ago

Hearing this in Spongebob's voice is amazing!

[–] muusemuuse@sh.itjust.works 2 points 2 weeks ago (1 children)

Yubikey. Done.

[–] MDCCCLV@lemmy.ca 2 points 2 weeks ago

The pin system implementation is terrible at least for Windows, because it forces you to make a pin but not all websites do that so it's easy to make a pin for one website but not realize that if you forget the pin and misenter it 10 times it locks the key permanently and you have to reset it, but that deletes everything and so you can end up in a situation where the yubikey is on your site account login but you dont have it now and you can get locked out.

[–] RedSnt@feddit.dk 2 points 2 weeks ago

That's the one good thing about just-eat leaving Denmark, no more having to deal with that BS.

load more comments