Re: Google will no longer send SMSs with six digit codes for verification

On 3/7/25 12:53 AM, VanguardLH wrote:

AJL <noemail@none.com> wrote:
>

My sensitive apps only require ONE 2FA login (including Walmart). Once
the host device is blessed it can be set so that no more 2FA is
required. So like Carlos I seldom need SMS 2FA. Only the apps on my
new toys for the first time. Course if I was paranoid I could set it
to ask on every login. But I don't. Apparently you do??

>
I avoid web-centric site-specific apps, like apps just for one site;
e.g., Walmart, bank, Home Depot, Delta (airline).  Instead I visit them
in a web browser.  One app that does all instead one app that does one
site.  Maybe if I used site-specific apps then I'd get 2FA far less
often, or not at all.  I tend to be very frugal as to what gets
installed on my smartphone.  I'm unlike a lot of smartphone users that
install any app just because there is one.

IMO specific apps are much easier to use on a phone or tablet than a
 browser. But the Android browser I use, Chrome, also remembers the device
 for each site and thus only one 2FA per site I use is required as in my
 apps. YMMV depending on the site I suppose but all mine be it app or
 browser only need one 2FA per device if so set.

Does any web browser store 2FA codes for reuse on login?

The only browser I use for 2FA is Chrome on everything: Android, W11, and
 Chrome OS stuff. It works the same on all. Only one 2FA per app/device
 unless set otherwise.

Perhaps DOM
Storage (aka site data) gets used for that.  I doubt any secure site is
going to use cookies.  I configure my web browser (Firefox) to purge
*all* its locally cached data on exit

I do the same with my Firefox browsers. But of course they won't remember
 anything including 2FA being set that way. If you get tired of redoing 2FA
 I suggest you get one browser just for that purpose.

as a countermeasure to tracking,
and up my privacy, and tweak the web browser to improve security.
Firefox on Android permits extensions like uBlock Origin.  Chrome on
Android does not allow any extensions. 

True. That's why I use apps.

As for web-centric apps, has there been any independent audits on each
one to determine their login security, and secure local files storing
any user data?  Don't most use the accounts stored in Android itself, so
those get reused.  I don't think Android is storing any 2FA codes or
other token in the accounts stored in Android.

Dunno. I put my trust in the individual apps. If I can't trust my bank,
 investment, utilities, Walmart, etc, what can I trust? Walmart does pretty
 good BTW. It lets me buy stuff without a new 2FA each time but to reorder
 prescriptions from the pharmacy section it requires a pin to get in...