:: Re: [DNG] [OT] Twitch and 2FA (TOTP…
Top Page
Delete this message
Reply to this message
Author: Bernard Rosset
Date:  
To: dng
Subject: Re: [DNG] [OT] Twitch and 2FA (TOTP)
> - Twitch only supplies a QR code

> - Twitch forces the use of Authy 2FA


Something very important is implied there, and probably only a few will
notice it: there is a requirement for a smartphone.

Smartphones are notoriously known for:
- Being a closed/proprietary environment:
* hardware
* OS (unless jailbreaked)
* Application "stores"
- From the previous point, being an easy target for vulnerabilities
- Being incredible eavesdropping enablers
- Being incredible privacy intrusion enablers

At the same time, emails are discarded as being unsafe/unenough for
2FA... but isn't it because *how* people/moral entities use emails (no
DNSSEC, using external email providers - not mentioning GAFAM, cleartext)?

Are smartphones more secure than emails?
To people answering yes to the previous question: really?!

With the pretext of "security" slowly comes the forced-fed ownership of
smartphones.
As it is an object coming generations can't imagine living with, this
message is/will be widely accepted without a thought.

This. This scares the shit outta me.

Bernard (Beer) Rosset
https://rosset.net/