Which is more secure for 2FA?
SMS or Google Authenticator?
I read that if someone compromises the server for the site you are authenticating, they can predict your Google Authenticator keys indefinitely, but some people believe that Google Authenticator is more secure because there have been instances of people socially engineering mobile providers to get a new SIM and "stealing" the target's phone number and account.
So which is it? Hijacking someone's phone to me sounds a lot more complicated, time-consuming, has less payoff than compromising a server and thus having all accounts, so which is better in actuality?
Google Authenticator. No one has ever had their account compromised while using it. SMS happened to a ton of big YouTubers a while back.
>>61330585
>>61330552
SMS is only as secure as your carrier's ability to not change your SIM to any bloke that says that they're you.
Google Authenticator is much more secure.
>>61330552
>>61330585
>>61330851
Yeah, go with Google Auth. I use it, works great. I use Duo too, not as great.
>>61330552
How's that OpenVPN testing coming along?
>>61330868
The biggest risk with any of these authentication apps is the possibility of malicious apps taking screenshots/screen recordings of your device.
I wish Google would push an update to Authenticator that disallows screenshots/recordings when in the app. An app that does it well is Telegram when using the end-to-end encrypted (shitty encryption anyway) secret chats.
>>61330552
Every time Ayumu gets posted I'm reminded how much hatred and seething rage I have for Wakaki.
I'd recommend Authy over Authenticator for its backup and restricted multi-device features, as well as if you use any 2FAs that use Authy (Cloudflare, Twitch, and Humble Bundle come to mind).
>>61331065
>backing up 2FA keys to a server you don't own
>>61331065
Hate that they fucking make you use Authy for those sites. Fuck that shit.
>>61331094
Does the server in your garage actually have better security?
>>61331065
Using Authy which could easily have access to your backup not using Superior AuthWard™ with its sleek UI, nice manageable selection of codes and protection, and no bullshit backup.
Also I'm not a shill and no shekels were given to me to say this.
>>61331133
Considering my home server is not internet facing and doesn't have an attack surface for thousands or hundreds of thousands of people
yes, it does
>>61330552
Jesus Christ retard, stop using either of those. Use a standard oath application such as "Android Token" (available on F-Droid). It's a technology standard for fuck's sake.
>>61331472
>oauth
fixed
>>61330552
If they compromise the server it doesn't matter what you use. Are you fucking brain damaged?
>>61331540
>oath
Wasn't broken in the first place.
https://en.wikipedia.org/wiki/Initiative_For_Open_Authentication
Also thanks >>61331472 anon, TIL.
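
The point the opening post and the "compromise the server" reply turn on, as an added example that is not part of the thread: Google Authenticator implements OATH TOTP (RFC 6238), where the device and the site hold the same seed, so any copy of that seed yields valid codes until the account is re-enrolled. RFC_SEED is the RFC's published test value; NEW_SEED, verify and seed_copy_outcome are names constructed for this sketch.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step, the RFC 6238 default
# Published RFC 6238 SHA-1 test seed; NEW_SEED is constructed for this example.
RFC_SEED = b"12345678901234567890"
NEW_SEED = b"constructed-seed-after-reset"

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte big-endian counter, then truncate."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset from the last nibble
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: the HOTP counter is the number of time steps since the epoch."""
    return hotp(seed, unix_time // STEP, digits)

def verify(seed: bytes, submitted: str, unix_time: int,
           drift: int = 1, digits: int = 6) -> bool:
    """Server-side check: accept the current step and +/- drift steps of skew."""
    ok = False
    for delta in range(-drift, drift + 1):
        expected = totp(seed, unix_time + delta * STEP, digits)
        ok |= hmac.compare_digest(expected, submitted)  # constant-time compare
    return ok

def seed_copy_outcome(enrolled: bytes, copied: bytes, unix_time: int) -> bool:
    """Does a code derived from a copied seed pass against the enrolled seed?"""
    return verify(enrolled, totp(copied, unix_time, 8), unix_time, digits=8)

if __name__ == "__main__":
    now = 1234567890
    print("device code:", totp(RFC_SEED, now))
    print("server accepts:", verify(RFC_SEED, totp(RFC_SEED, now), now))
    # A copy of the seed still produces accepted codes a year later ...
    print("copy, +1 year:", seed_copy_outcome(RFC_SEED, RFC_SEED, now + 365 * 86400))
    # ... until the account is re-enrolled with a fresh seed.
    print("copy after re-enrolment:", seed_copy_outcome(NEW_SEED, RFC_SEED, now))
```

Nothing in the algorithm expires a seed, which is why re-enrolling 2FA after a suspected server-side breach is the step that invalidates old copies.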