Hi Qubes fellows,On reading content on 2FA, something comfuse me, so I'd like to understand better by posting here:one type of OTP,a TOTP like google authenticator, bases on a shared secret key, since keycan be seen in mail box, it's not quite safe, is it saved in mail box as well?(does it also travel on internet? which makes it even worse?) a U2F software can do it's work without this app, so it doesn't look like a good choice.If this is the case, why so many web mail even some promising ones still chose google-authenticator as 2FA?Although gmail itself can add yubikey as enhence for TOTP, I don't see how that's safer.because with or without press the yubikey button, an U2F software can generate same 6-digit-number as password to enter here. Today most of webmails would say they use 2FA, but not introduce in detailswhich protocol it uses. some claim it use yubikey, so is OTP here that use key pair instead of the shared secret key? which is much better.I don't find many webmail use Y ubikey as 2FA on OTP,if any of you find something is rather relaible,recommend very welcome, THANK YOU.
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/201902122145.x1CLj2cr003976%40api2.scryptmail.com. For more options, visit https://groups.google.com/d/optout.
