Sujet : Re: Google will no longer send SMSs with six digit codes for verification
De : V (at) *nospam* nguard.LH (VanguardLH)
Groupes : comp.mobile.androidDate : 04. Mar 2025, 20:23:27
Autres entêtes
Organisation : Usenet Elder
Message-ID : <1ewh0fkbpkzsg$.dlg@v.nguard.lh>
References : 1 2 3 4 5
User-Agent : 40tude_Dialog/2.0.15.41
Dave Royal <
dave@dave123royal.com> wrote:
Google Authenicator, and the ones I use - andOTP (Android only)
and FreeOTP - use TOTP:
<https://en.m.wikipedia.org/wiki/Time-based_one-time_password>
I don't know anything about Microsoft Authenticator.
Yet different authenticators, also all using TOTP, think they know
better how to improve security. Google's, Symantec's, Authy's, and
others' authenticators are not 100% compatible. You'll find you have to
use one as some sites, a different one at some other sites, and so on.
You may end up with a suite of authenticators to cover all the sites
where you login. Many sites will work with any TOTP authenticator, but
not all.
https://en.wikipedia.org/wiki/Comparison_of_OTP_applicationsNone of them are Yes (green) across the board, and the Yes/No don't
match across different authenticators. Bitwarden has more Yeses than
Google and Microsoft that only support iOS and Android. I used Authy
before, because it had a desktop app (Windows, Linux, Mac), but they
dropped their desktop apps a year ago. Bitwarden supports desktops
OSes, but TOTP and Yubikey are a premium features ($10 or $40 per year
subscriptionware). I'm not paying to let sites force security theater
on me.
Maybe I might buy a Yubikey, but only if that helps automate the
authenticator to eliminate nuisancing the user on login with the
security theater crap, and only if just the hardware key is the only
cost (~$55). Yubico has their own authenticators for desktops (Windows,
Mac, Linux), and mobiles (ioS, Android) that work with their own
Yubikeys. However, Yubico doesn't support Epoch, but then neither do
most the authenticators listed in the wiki article (hence my mention
about compatibility, and possibly having to use multiple authenticators
to cover all the sites where you login that foist 2FA).
Unfortunately that wiki comparison article doesn't show which
authenticators work with hardware security keys. Yubikey works with
Google Authenticator, but then it desparately needs a hardware security
key since it stores keys in plain text.
https://saaspass.com/authenticator/"SAASPASS encrypts all data, whereas Google Authenticator stores keys in
plain/clear text; this is a problem especially with rooted devices and
backup programs, where unencrypted data can be viewed easily"
I didn't see QR mentioned in their features list, but QR is mentioned at
https://saaspass.com/faq/ yet requires an Internet connection. Maybe
SASSPASS works with my bank although the bank only lists Symtantec VIP
and Authy as supported. However, since there is no free tier with
SASSPASS, just trials and subscriptionware, that candidate is scrapped.
Google will no longer send SMSs with six digit codes for verification
Re: Google will no longer send SMSs with six digit codes for verification
