Re: [DNG] [OT] Twitch and 2FA (TOTP)

2021-10-08 Thread Simon
Bernard Rosset via Dng wrote:

> Something very important is implied there, and probably only a few will 
> notice it: there is a requirement for a smartphone.

In general, it’s also possible to do 2FA using applications on a desktop.

But, what I don’t like is the assumption prevalent behind a lot of this (my 
bank keeps trying to persuade me to use “their app”) that we’re happy carrying 
around the keys to our lives on something that is a) easily lost, b) easily 
stolen, c) liable to run out of power at inopportune moments, or d) can 
break/be broken.
b) is the worst case of course - because then the thief not only has your 2FA 
keys, but they also have access to your backup routes (e.g. SMS and email) as 
well. And for as long as it takes you to realise that it’s gone and be able to 
access the various services and change the access to them - which might not be 
easy if you are away from home and without access to your desktop or laptop.

Simon

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] 2FA via SIPP# to PC- HowTo? Under Devuan

2021-10-08 Thread Antony Stone
On Friday 08 October 2021 at 13:31:08, ael via Dng wrote:

> On Fri, Oct 08, 2021 at 09:28:08AM +1100, terryc wrote:
> > Hello folks
> > 
> > Since it is topical: 2FA
> > 
> > So any recommendations for software and cluebies?
> > 
> > For 2FA, all I need is a text message receiver. Others may want the
> > whole headset backend. Any clues/experience?
> 
> In UK at least, some providers have an option to do 2FA using a
> landline/SIP 'phone (with a PSTN gateway). Usually they send an
> automated voice message asking for a number displayed on a webpage
> to be entered on the keypad. Others send the code directly via
> an audio message instead of a text. No smartphone needed.
> 
> Pressure the companies to do the same?

In my opinion, all companies should (be able to) offer an alternative means of 
authentication, if only for reasons of disability / accessibility, where not 
all people are able to use a screen captcha / smartphone / telephone / etc.

For example, in Germany, Deutsche Bank switched a few years ago from using 
One-Time Pad Transaction Authentication Numbers to presenting a QR-code style 
(it's different, but it's the same idea) image on the screen when you're 
performing a transaction, and you either need a smartphone with a camera and 
the DB app installed, to read the code and show you the numbers on the 
smartphone screen, which you then type into the web page you are doing the 
transaction on, or you do the same thing with a specialised device which you 
buy from DB for €15 instead of using the smartphone and app.

Neither of these works effectively for a blind user, so there is an (almost 
totally un-advertised) alternative where they will send a text message instead 
(knowing that blind people can generally manage to receive and read a text 
message by one means or another).

It's still not entirely ideal, but it is at least an alternative, but you have 
to really ask to find out that it even exists.


Antony.

-- 
"There is no reason for any individual to have a computer in their home."

 - Ken Olsen, President of Digital Equipment Corporation (DEC, later consumed 
by Compaq, later merged with HP)

   Please reply to the list;
 please *don't* CC me.


Re: [DNG] 2FA via SIPP# to PC- HowTo? Under Devuan

2021-10-08 Thread ael via Dng
On Fri, Oct 08, 2021 at 09:28:08AM +1100, terryc wrote:
> Hello folks
> 
> Since it is topical: 2FA
> 
> So any recommendations for software and cluebies?
> 
> For 2FA, all I need is a text message receiver. Others may want the
> whole headset backend. Any clues/experience?

In UK at least, some providers have an option to do 2FA using a 
landline/SIP 'phone (with a PSTN gateway). Usually they send an
automated voice message asking for a number displayed on a webpage
to be entered on the keypad. Others send the code directly via
an audio message instead of a text. No smartphone needed.

Pressure the companies to do the same?

ael




Re: [DNG] 2FA via SIPP# to PC- HowTo? Under Devuan

2021-10-08 Thread Antony Stone
On Friday 08 October 2021 at 00:28:08, terryc wrote:

> Hello folks
> 
> Since it is topical: 2FA
> 
> TL;DR how to do it?

> So any recommendations for software and cluebies?
> 
> For 2FA, all I need is a text message receiver. Others may want the
> whole headset backend. Any clues/experience?

I doubt that as a small-scale user there is any economic way of getting SMS in 
or out over TCP/IP.

I do this for a customer of mine with thousands of mobile numbers, but they 
have an SMPP gateway to a service provider, which you just can't get for a 
single number.

However, at home I have set up the following:

Raspberry Pi with a USB 3G dongle (eg: Huawei E160E) containing a SIM card, 
with the Debian / Devuan / Raspbian package "smstools" installed on the Pi.

A bash script which smstools calls whenever a text message arrives, which both 
sends an email with the SMS content in the body, and if the SMS is from a 
select list of senders, reads out the content using the festival text-to-
speech facility.

That way, when a text arrives from Deutsche Bank, for example, to confirm a 
transaction, the loudspeakers read out the 6-digit code and it can be entered 
into the transaction form I'm in the process of completing.


I hope that gives you some clues / ideas / inspiration :)


Antony.

-- 
A good conversation is like a miniskirt;
short enough to retain interest,
but long enough to cover the subject.

 - Celeste Headlee


   Please reply to the list;
 please *don't* CC me.
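
A sketch of the kind of smstools event handler described in the message above, added here as an example; it is not Antony Stone's script. The recipient address, the sender allowlist and the 6-digit code pattern are assumptions, as is the presence of the `mail` and `festival` commands; it speaks only the extracted digits from allowlisted senders rather than the raw message text.

```shell
#!/bin/bash
# Sketch of an smstools event handler. smsd runs it as:
#   <script> <event> <message-file>
# Assumed, not from the post: the address, sender IDs and code format below.
MAIL_TO="me@example.org"                 # hypothetical recipient
SPEAK_FROM="DeutscheBank 491700000000"   # constructed allowlist of sender IDs

# Value of the "From:" header; headers end at the first blank line.
sms_sender() { awk '/^$/{exit} sub(/^From: */,""){print; exit}' "$1"; }

# Message text: everything after the first blank line.
sms_body() { awk 'b{print} /^$/{b=1}' "$1"; }

# Succeeds only on an exact match with an allowlist entry.
sender_allowed() {
    for s in $SPEAK_FROM; do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# First standalone run of exactly six digits on stdin, or nothing.
extract_code() {
    grep -oE '(^|[^0-9])[0-9]{6}([^0-9]|$)' | grep -oE '[0-9]{6}' | head -n 1
}

handle_sms() {
    file=$1
    from=$(sms_sender "$file")
    # Sender text is attacker-controlled: reduce it to safe characters
    # before it goes anywhere near a mail subject line.
    subj=$(printf '%s' "$from" | tr -c 'A-Za-z0-9+' '_')
    sms_body "$file" | mail -s "SMS from $subj" "$MAIL_TO"
    # Only allowlisted senders are read aloud.
    sender_allowed "$from" || return 0
    code=$(sms_body "$file" | extract_code)
    if [ -n "$code" ]; then
        # Digits only, spaced so they are read one at a time, on stdin.
        printf '%s\n' "$code" | sed 's/./& /g' | festival --tts
    fi
}

# smsd passes RECEIVED for incoming messages; ignore every other event.
if [ "$1" = "RECEIVED" ] && [ -f "$2" ]; then
    handle_sms "$2"
fi
```

The script is hooked in through the `eventhandler` setting in smsd.conf. SMS sender IDs can be spoofed, so the allowlist decides what is read aloud and is not proof of origin.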