> - Twitch only supplies a QR code
> - Twitch forces the use of Authy 2FA
Something very important is implied there, and probably only a few will
notice it: there is a requirement for a smartphone.
Smartphones are notoriously known for:
- Being a closed/proprietary environment:
* hardware
* OS (unless jailbreaked)
* Application "stores"
- From the previous point, being an easy target for vulnerabilities
- Being incredible eavesdropping enablers
- Being incredible privacy intrusion enablers
At the same time, emails are discarded as being unsafe/unenough for
2FA... but isn't it because *how* people/moral entities use emails (no
DNSSEC, using external email providers - not mentioning GAFAM, cleartext)?
Are smartphones more secure than emails?
To people answering yes to the previous question: really?!
With the pretext of "security" slowly comes the forced-fed ownership of
smartphones.
As it is an object coming generations can't imagine living with, this
message is/will be widely accepted without a thought.
This. This scares the shit outta me.
Bernard (Beer) Rosset
https://rosset.net/