Deutsch English Français Italiano |
<vqeeiu$3ffn8$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail From: AJL <noemail@none.com> Newsgroups: comp.mobile.android Subject: Re: Google will no longer send SMSs with six digit codes for verification Date: Fri, 7 Mar 2025 09:34:23 -0000 (UTC) Organization: A noiseless patient Spider Lines: 59 Message-ID: <vqeeiu$3ffn8$1@dont-email.me> References: <803e9lxp44.ln2@Telcontar.valinor> <1begjrynfhjra$.dlg@v.nguard.lh> <k8cg9lx8uf.ln2@Telcontar.valinor> <1bfu5iribmwb4$.dlg@v.nguard.lh> <vq4hce.l64.1@ID-201911.user.individual.net> <vq6a3h$1p9sb$1@dont-email.me> <l8nlfkd5cizd.dlg@v.nguard.lh> <96uj9lxjvi.ln2@Telcontar.valinor> <17fmpgc4tfncj$.dlg@v.nguard.lh> <vq7rjj.47s.1@ID-201911.user.individual.net> <hncfhd611fab.dlg@v.nguard.lh> <9kqk9lx6m3.ln2@Telcontar.valinor> <1r6si9zdyx9ek.dlg@v.nguard.lh> <1vum9lxhu1.ln2@Telcontar.valinor> <1hb68gbht5hgg$.dlg@v.nguard.lh> <93eo9lxg6r.ln2@Telcontar.valinor> <7sbrtsehnbnu.dlg@v.nguard.lh> <upjp9lxav6.ln2@Telcontar.valinor> <1d7jrv42y0fqb$.dlg@v.nguard.lh> <vqdqc4$38got$1@dont-email.me> <35yyjy1d6br.dlg@v.nguard.lh> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Fri, 07 Mar 2025 10:34:24 +0100 (CET) Injection-Info: dont-email.me; posting-host="6e7e9d7198de02873b57f7dcfdb11104"; logging-data="3653352"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+a4LIO6cQWiDDL7vZ8LxM4" User-Agent: PhoNews/3.13.3 (Android/11) Cancel-Lock: sha1:J61IaKyFxSaCrJodQjDqnEGjpYw= In-Reply-To: <35yyjy1d6br.dlg@v.nguard.lh> Bytes: 4513 On 3/7/25 12:53 AM, VanguardLH wrote: >AJL <noemail@none.com> wrote: > >> My sensitive apps only require ONE 2FA login (including Walmart). Once >> the host device is blessed it can be set so that no more 2FA is >> required. So like Carlos I seldom need SMS 2FA. Only the apps on my >> new toys for the first time. Course if I was paranoid I could set it >> to ask on every login. But I don't. Apparently you do?? > >I avoid web-centric site-specific apps, like apps just for one site; >e.g., Walmart, bank, Home Depot, Delta (airline). Instead I visit them >in a web browser. One app that does all instead one app that does one >site. Maybe if I used site-specific apps then I'd get 2FA far less >often, or not at all. I tend to be very frugal as to what gets >installed on my smartphone. I'm unlike a lot of smartphone users that >install any app just because there is one. IMO specific apps are much easier to use on a phone or tablet than a browser. But the Android browser I use, Chrome, also remembers the device for each site and thus only one 2FA per site I use is required as in my apps. YMMV depending on the site I suppose but all mine be it app or browser only need one 2FA per device if so set. >Does any web browser store 2FA codes for reuse on login? The only browser I use for 2FA is Chrome on everything: Android, W11, and Chrome OS stuff. It works the same on all. Only one 2FA per app/device unless set otherwise. >Perhaps DOM >Storage (aka site data) gets used for that. I doubt any secure site is >going to use cookies. I configure my web browser (Firefox) to purge >*all* its locally cached data on exit I do the same with my Firefox browsers. But of course they won't remember anything including 2FA being set that way. If you get tired of redoing 2FA I suggest you get one browser just for that purpose. >as a countermeasure to tracking, >and up my privacy, and tweak the web browser to improve security. >Firefox on Android permits extensions like uBlock Origin. Chrome on >Android does not allow any extensions. True. That's why I use apps. >As for web-centric apps, has there been any independent audits on each >one to determine their login security, and secure local files storing >any user data? Don't most use the accounts stored in Android itself, so >those get reused. I don't think Android is storing any 2FA codes or >other token in the accounts stored in Android. Dunno. I put my trust in the individual apps. If I can't trust my bank, investment, utilities, Walmart, etc, what can I trust? Walmart does pretty good BTW. It lets me buy stuff without a new 2FA each time but to reorder prescriptions from the pharmacy section it requires a pin to get in...