|
|
Subscribe / Log in / New account

Some donation data prompts are nasty

Some donation data prompts are nasty

Posted Jul 30, 2024 16:21 UTC (Tue) by paulj (subscriber, #341)
In reply to: Some donation data prompts are nasty by pizza
Parent article: Lessons from the death and rebirth of Thunderbird

Yes, indeed, they need that second channel - e.g. a regular password. But, they probably have your access to your email now to reset that. Agreed.

However: FreeOTP+ lets you set "authentication", which means you must pass system authentication (e.g., system PIN unlock, or whatever you have configured) to open the app. If you are diligent about swiping-away/closing FreeOTP+ once you're done with it, this can give an additional layer of protection from general-case phone-stolen-while-unlocked.

I assume anyone with TOTP codes protecting anything important is using an app with such security, and has it enabled.

to post comments

Some donation data prompts are nasty

Posted Jul 30, 2024 17:54 UTC (Tue) by mb (subscriber, #50428) [Link]

>I assume anyone with TOTP codes protecting anything important is using an app with such security,
>and has it enabled.

I don't use any of the "normal" apps.

TOTP is trivial to implement in a few dozen lines of Python code:
https://github.com/mbuesch/pwman/blob/master/libpwman/otp.py

You can quickly write an authenticator with any additional access control and security guarantees that you want. (or just use mine ;-)

And an attacker probably won't know that it's there, if you wrote it by yourself.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds