🧵4/5

Thursday: Hackers are using OTP bots to get around #SMS and #TOTP authenticator codes. Make the switch to #FIDO U2F for maximum login security tuta.com/blog/2fa-tutanota-sup… 🔐

Update of your secure mail client: Tutanota adds 2FA support

We recommend U2F as the most secure version of two-factor authentication.

^Tutanota

PSA: If you're still using #Raivo 2FA on iOS back up your data immediately and do not update to the latest version.

As we suspected would happen when they were acquired last year, the new owners of the app have pivoted to a forced subscription model and updating to the new version will delete all your TOTP codes! discuss.privacyguides.net/t/ps…

We recommend switching to Ente Auth, which can be used completely locally or with @ente's end-to-end encrypted cloud backups.

#TOTP #RaivoOTP #PSA #Ente #EnteAuth

PSA: Export your keys before updating Raivo OTP to the latest 1.6 version

Be careful as you might lose all your keys if you update Raivo to the latest 1.6 version without backing up your keys before when not using an online sync.

^{Privacy Guides}

@protonprivacy
#ProtonMail, #ProtonCalendar, #ProtonVPN, #ProtonDrive, and #ProtonPass.

@obsidian
Replaced my usage of #StandardNotes

@session
Replaced my usage of #Signal

@calyxos
Revamped my old #Pixel

@veracrypt
My usage is infinite...

@keepassxc
Always on a #VeraCrypt volume
My #totp generator...

#Protectli #FW4B running #pfsense...

Meh... but no one knows what tomorrow will bring...

What is your preferred method of #2factorauthentication ? 🔑📱

Tuta offers full support for #U2F & #TOTP to keep your account secure! 🔒

👉 tuta.com/blog/posts/why-u2f-is…

Why U2F is important: How it works and why you need it.

FIDO U2F is important to secure your authentication process. It protects your account from malicious take-over, including phishing. Make sure you never lose access to your online identity!

^Tutanota

• U2F Security Keys (34%, 125 votes)
• TOTP Authenticator Apps (57%, 207 votes)
• Email Verification Codes (2%, 10 votes)
• SMS Verification Codes (5%, 18 votes)

@pink
"Push": Das klingt proprietär und fühlt sich für mich eh etwas gruselig an...

Solange aber ein "#TOTP: Time-Based One-Time Password Algorithm" gemäß #RFC6238 zum Einsatz kommt, sollte man das Verfahren mit jedem passenden Tool bestreiten können. Wozu gibt es offene Standards? 😉

datatracker.ietf.org/doc/html/…