2024-09-08 00:19:38

wgw on Nostr: Magic Links (just a shittier 2fa) style logins are just fvckin awful, depending on ...

Magic Links (just a shittier 2fa) style logins are just fvckin awful, depending on the awful, terrible, and dangerous tech called Email.

What's magic links? It's the thing that sends you email to verify presence.

Can't stress enough how awful everything connected to email is. I lost access to MULTIPLE services because of this shit.

TOTP 2FA is far better and safer.

What's TOTP/HOTP?

HOTP = HMAC-based One-Time Passwords
TOTP = Time-based One-Time Passwords

A service, site, app, or you generate a unique "key" that you have to add into an authenticator app (like Google Authenticator, Bitwarden, 1Password), which gives one-time pins/passwords/passcodes. That's done with the magic of cryptography and it's actually safe & secure, proving presence.

TOTP is lovely. It's based on HOTP, which is based on a counter - the counter should change to be able to get another one-time pass/pin/code. TOTP uses time for that counter, and it's actually "one-time" and you cannot bruteforce or hack it.

Passkeys are the future. But what's Passkeys?

It's similar to TOTP 2FA, instead it's hardware-based generation. It's a way to sign/verify using cryptography built into your device. Every device nowadays has it. Call it Secure Enclave or whatever - that's it.

Passkeys = biometrics login (face id, touch id, fingerprints)

The State of the art. Resistant to phishing attacks. And so much more.

We are still 1 year before mass adoption, because we are waiting for WebAuthn Level 3 to land.

Until then people land in the latest versions of iOS and Android... USE TOTP 2FA!

We talk about password-less future, but what about email-less?! Every site, app, and service MUST drop emails and passwords. Just username and TOTP code - that's all! That's how TOTP 2FA becomes 1-factor auth that's actually secure.

Here's the catch tho. The greedy assfvcked and broken capitalism never gonna allow dropping email, it's a heaven for marketers and scammers. And YOU, THE PEOPLE, are not what matters. They don't care about you, but your data and spamming you and telling you what to do, what to buy, and what to think.
Author Public Key
npub1tsryk9dm5qejr06ywmg80q7ke6q6yfsmmys8clp4chf283shskts3lqfnf