2FA For Old Farts

[FatherJack]

I hate smartphones and I have a flip phone under protest. SMS 2FA would be nice. Cheers.

 

[Vill]

And MA will send you SMS from Sweden with 60 sek expiration time which you will receive in 2 minutes

 

[NevadaJake]

You can extract the 2FA "seed" from MA's QR code and use KeePassXC to securely generate codes on your PC. Unfortunately, you do need a smartphone to get the seed out of the QR code MA provides when setting up Entropia Pocket.

 

[Svarog]

Unfortunately, you do need a smartphone to get the seed out of the QR code MA provides when setting up Entropia Pocket.

Not even that, just save the picture with QR code and feed it to some tool like https://zxing.org/w/decode.jspx

 

[jambon]

Not even that, just save the picture with QR code and feed it to some tool like https://zxing.org/w/decode.jspx

I'd be cautious about entering that qr code on a random site, it's essentially the keys to your 2FA, anyone with that QR code can generate your one time codes.

Perhaps getting a yubikey and installing their authenticate app for Windows would be better. The app can read QR codes displayed on the screen.

Considered this option myself but haven't actually done it yet.

 

[Svarog]

I'd be cautious about entering that qr code on a random site, it's essentially the keys to your 2FA, anyone with that QR code can generate your one time codes.

The QR code doesn't contain any information about what service/site it belongs to, there is no way to figure it out even if someone tried to.

 

[MrBabul]

I would say "old farts" should atleast try adapt to technology. Get yourself a 40 pound smartphone and use it just for authorisation if you want to use flip phone for everything else.

 

[jambon]

The QR code doesn't contain any information about what service/site it belongs to, there is no way to figure it out even if someone tried to.

Actually, this can be untrue. As I've learned from using yubikey authenticator for other sites I've found that the QR codes can contain descriptive text such as the site name and account name in addition to the 2FA key. Yubikey reads this extra info and adds it as the default description.

Now, I have yet to try the EU one to see if it has this data too but assuming it doesn't (or trusting some random person that just says it doesn't) and slapping it in to a random site still isn't a great move. Even if it doesn't contain that info it's still bad practice to share that data (plus your IP) with a random site. I mean, are you ok with punching your password in on some random site just because you aren't sharing the specific site that password is for? Don't forget, thing like trojans, spyware and organized attacks are still very much a thing which can make your 2FA literally the last line of defense from someone taking over your account.

Just seems like sloppy security practices in this day and age of rampant cyber attacks.

P.S. to the OP... SMS is not a safe 2FA method due to sim swap attacks. Physical 2FA keys and authenticators are better.

 

[Svarog]

Alright, here's an offline QR decoder without uploading it to anywhere - https://github.com/Joohansson/offline-qr

 

[FatherJack]

I would say "old farts" should atleast try adapt to technology. Get yourself a 40 pound smartphone and use it just for authorisation if you want to use flip phone for everything else.

No

 

[slither]

I hate smartphones and I have a flip phone under protest. SMS 2FA would be nice. Cheers.

Go back to playing scrabble with all the old farts then, these new fangled online games are not for you.

 

[slither]

I was once like you and loved my flip-phone, what's the point in having a modern communication device if you can't look like Capt. Kirk?

But when the 2fa thing first started I finally turned in my flip phone for a cheapo smart phone. Guess what? you know all those things I hate about smartphones? I don't use them.

Here's the things an old geeza like me likes about smartphones:


1) I can make phone calls just like with a flip phone - however, I don't look like Capt. Kirk anymore

2) I can write texts without needing to press a button 3 times to get a single character.

3) I don't need to worry about losing my custom charger, just use a standard usb C.

4) The torch is a Godsend.

5) Magnification app really helps these old eyes.

6) Music is fun for my daily constitutionals.

7) Bus app means no more waiting for buses, I leave the house and a bus magically appears as I reach the bus stop (will be even better when I get my pensioner pass)

8) 2FA

 

[FatherJack]

Silly troll begone! I'd sooner huff dog farts than engage with a tit like you.

 

[slither]

As you don't have a good argument for not getting a smart phone I will take this as a victory - I win!

 

[TheOneOmega]

The main argument is that the Gold Card Security System has far superior security properties, namely that the device is dedicated exclusively to its specific security task without the ability to execute arbitrary software, and that the device has no online connectivity, both of which severely limit potential attack vectors.

There has been extensive research on software wallets and hardware wallets in the cryptocurrency space, and while I wouldn't necessarily say that software wallets are inherently disqualified from the pool of viable security options, "The main conclusions are no real surprise in that, if you want to secureyour cryptocurrency then either convert it into a paper wallet using thebitcoinpaperwallet.com service or use a device such as the cryptosteel walletin ’cold storage’ and in a very safe place such as a locked safe."

 

[Angel O2 Mercer]

Oh dear. Gentlemen settle down, if someone dislocates their prosthetic hip I'll have to call the constabulary.

I'm sure Mindark will find a way to send your 2FA codes by horse-drawn carriage or telegraph very soon.

Stay tuned for further developments on this matter.

 

[shaun117]

tis the year 2024, adapt or be left behind.