• 0 Posts
  • 7 Comments
Joined 13 days ago
Cake day: July 18th, 2025


  • I don’t really get the “all eggs in one basket”

    I think the argument is that if at some point Proton services get compromised, or if Proton somehow turns into the bad guys, then using fewer of their services will impact you less or give you more time to react. The same goes for any other vendor, of course, which is why the way you address this is by spreading your trust across different services/regions/owners/…


  • So the “two-factor authentication apps shouldn’t be on desktop” argument never made sense to me; mobile is the same way.

    I think that argument was rooted in the assumption that the phone was a separate and smaller attack surface. The assumption is reasonable if you use your credentials mostly on desktop and only have a few apps on your phone, which was indeed the case for a lot of people in the past.

    But nowadays, a lot of people use the same credentials on the phone just as well, and with everything asking you to install its app, I’m not sure the attack surface really is smaller anymore. So, if you’re in this scenario, I agree with you that you may not be sacrificing much by having 2FA on desktop.

    And, of course, 2FA, even in the same password manager, is still better than none. Your first factor can be stolen in more ways than just compromising your machine, for example through data breaches.