
On Wed, 11 Jun 2025 06:56:16 -0400 Scott Allen via Talk <talk@lists.gtalug.org> wrote:
> On Tue, 10 Jun 2025 at 22:14, Scott Allen <mlxxxp@gmail.com> wrote:
>> Ideally (for me) using a hardware security key, such as a YubiKey or Google Titan, or less ideally, using FIDO one-time code from the Google Authenticator app or equivalent
> Correcting myself; FIDO is associated with hardware keys. Google Authenticator, etc., uses TOTP algorithms specified in RFC 6238.
2FA relies on second factor authentication; as such, it depends entirely on security requirements. 2FA using TOTP where the 2FA is on the same device as the initial authentication provides the same amount of additional security as 2FA relying on email username & password for auth. FIDO, on the other hand, provides external 2FA and is 'real' 2FA, but is not 'free' or 'cheap', as real hardware & software for that hardware costs real money. When (or 'if') TOTP is on a secondary device, or even if the email code goes to a second device and second hosting provider, that 2FA provides a real, actual additional layer (in the onion), but sending 2FA to the same device means as much as the security of that device itself.