by Vidar Leathershod ( 41663 ) writes:
Pray I don't alter it any further.
Having dealt with the fallout of people losing access to their accounts due to MFA, and not just from compromise, I am completely convinced that passkeys will result in the same. The whole system is completely ridiculous, and their whole claim of improved security has been demonstrated to be a fabrication.
by Viol8 ( 599362 ) writes:
Instead of just having the browser remember a password you enter the once on each machine you're probably going to have to register Every Bloody Device (as you can hardly copy private keys all over the place) so no more going to a cafe in some far flung place to check your email if you have no phone connection.
by itsme1234 ( 199680 ) writes:
How would be SMS (the only thing that's going away) any better "if you have no phone connection" ?!
I don't see 2FA becoming mandatory (if you just want to go around entering your password, as single authentication method, into various cafe PCs), and from the existing 2FAs the vast majority are offline (TOTP, recovery codes, any kind of USB secure key, heck even passkeys between PC and phone over bluetooth don't need internet).
by Viol8 ( 599362 ) writes:
"How would be SMS (the only thing that's going away) any better"
SMS works over 2G, apps don't.
by itsme1234 ( 199680 ) writes:
All the mentioned authentication schemes don't need even 2G. Additionally 2G is woefully insecure, particularly for authentication SMSes, never mind more and more discontinued.
by Viol8 ( 599362 ) writes:
It doesn't need to be secure for a 1 time code. If a criminal already has your login and password you're screwed anyway.
by itsme1234 ( 199680 ) writes:
The account recovery is also tied to SMS, to the same number so nope, not a great idea to rely on 2G SMSes for anything.
by unrtst ( 777550 ) writes:
Google's planned replacement for the SMS codes appears to require internet access. From TFA:
“Specifically, instead of entering your number and receiving a 6-digit code, you’ll see a QR code being displayed, which you need to scan with the camera app on your phone.”
QR codes aren't magic. There's just a string or number in there. Usually, it's a URL. Maybe it's meant to trigger some Google app on your phone? In either case, it likely needs to call home, cause that's the point.
by MachineShedFred ( 621896 ) writes:
And pre-sync'd TOTP generators (there's a pretty popular one called Google Authenticator that runs on your phone, and uses standards so the seed key can be imported in basically every password manager out there) don't require any internet at all. What's your point?
by Viol8 ( 599362 ) writes:
I don't want to have to require on a smartphone to read email on a PC is my point.
by itsme1234 ( 199680 ) writes:
A phone that can receive SMSes is a higher bar than a TOTP generator that can really run offline on anything (never mind phones, even watches, not even really smart watches but like Garmin watches or similar).
by MachineShedFred ( 621896 ) writes:
What about TOTP requires a smartphone? Do you not know how to use a web browser? Have you never seen a TOTP app on a desktop PC?
by unrtst ( 777550 ) writes:
You can even do this on the command line.
sudo apt install oathtool
seed="your TOTP seed from the setup QR code"
oathtool -b --totp "$seed"
Or use any of a number of TOTP generators out there. There's just a secret number, a well defined algorithm (math), and the current time = TOTP code.
by Viol8 ( 599362 ) writes:
And how does one read the QR code?
by unrtst ( 777550 ) writes:
And how does one read the QR code?
You don't. That's what MachineShedFred was getting at - there are options that don't require internet access nor a phone. This is a tangent topic off of the Google QR code to replace SMS 2FA stuff and doesn't deal with parsing whatever it will be that Google rolls out.
When you set up TOTP with Google, they provide a QR code to scan, as well as a link/button to display the secret TOTP seed (that's really all that's in the QR code, btw). You add that seed to your TOTP app. You can scan the QR code to add it, w