En complément à votre coffre-fort de mots de passe (cf Jour 6), optez pour Aegis qui génère vos mots de passe à usage unique sur téléphone portable. 🔒
GPL-3.0
Hashicorp Vault TOTP Secrets Engine hỗ trợ tạo và xác thực mã OTP dùng một lần, thời gian sống ngắn (thường 30 giây), phục vụ xác thực hai yếu tố (2FA). Dùng để tích hợp với hệ thống bên ngoài hoặc cung cấp OTP từ Vault. Hỗ trợ API để tạo, liệt kê, xóa khóa và tạo/xác thực mã. Thiết lập dễ dàng qua CLI hoặc GUI.
Saw some post about migrating #authenticator apps... and I realised I never used Google app for example. Because when I started configuring #2FA, I already had #Yubikeys :blobcatpeek2:
So I naturally downloaded their Yubico Authenticator to use something I could use, without even thinking. And this was/is my first #OTP app I ever used.
I tried FreeOTP or something similar when it was recommended for some work thing in previous job, but never had a chance to really "feel" that because I changed jobs shortly after.
And now I thought for the first time that my only experience with OTP is when codes aren't device-locked... :blobcatgiggle:
And for me it's absolutely natural state, as things should be.
If you want to add extra security to your Mastodon account, you can optionally use "Two-Factor Authentication" (2FA). When you have this feature activated, even if someone else finds out your password they will be unable to log into your account.
There is a complete guide to activating 2FA on Mastodon here:
PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.
Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.