Deutsch   English   Français   Italiano  
<vqeeiu$3ffn8$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: AJL <noemail@none.com>
Newsgroups: comp.mobile.android
Subject: Re: Google will no longer send SMSs with six digit codes for
 verification
Date: Fri, 7 Mar 2025 09:34:23 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 59
Message-ID: <vqeeiu$3ffn8$1@dont-email.me>
References: <803e9lxp44.ln2@Telcontar.valinor>
 <1begjrynfhjra$.dlg@v.nguard.lh> <k8cg9lx8uf.ln2@Telcontar.valinor>
 <1bfu5iribmwb4$.dlg@v.nguard.lh>
 <vq4hce.l64.1@ID-201911.user.individual.net> <vq6a3h$1p9sb$1@dont-email.me>
 <l8nlfkd5cizd.dlg@v.nguard.lh> <96uj9lxjvi.ln2@Telcontar.valinor>
 <17fmpgc4tfncj$.dlg@v.nguard.lh>
 <vq7rjj.47s.1@ID-201911.user.individual.net> <hncfhd611fab.dlg@v.nguard.lh>
 <9kqk9lx6m3.ln2@Telcontar.valinor> <1r6si9zdyx9ek.dlg@v.nguard.lh>
 <1vum9lxhu1.ln2@Telcontar.valinor> <1hb68gbht5hgg$.dlg@v.nguard.lh>
 <93eo9lxg6r.ln2@Telcontar.valinor> <7sbrtsehnbnu.dlg@v.nguard.lh>
 <upjp9lxav6.ln2@Telcontar.valinor> <1d7jrv42y0fqb$.dlg@v.nguard.lh>
 <vqdqc4$38got$1@dont-email.me> <35yyjy1d6br.dlg@v.nguard.lh>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 07 Mar 2025 10:34:24 +0100 (CET)
Injection-Info: dont-email.me; posting-host="6e7e9d7198de02873b57f7dcfdb11104";
	logging-data="3653352"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+a4LIO6cQWiDDL7vZ8LxM4"
User-Agent: PhoNews/3.13.3 (Android/11)
Cancel-Lock: sha1:J61IaKyFxSaCrJodQjDqnEGjpYw=
In-Reply-To: <35yyjy1d6br.dlg@v.nguard.lh>
Bytes: 4513

On 3/7/25 12:53 AM, VanguardLH wrote:
>AJL <noemail@none.com> wrote:
>
>> My sensitive apps only require ONE 2FA login (including Walmart). Once
>> the host device is blessed it can be set so that no more 2FA is
>> required. So like Carlos I seldom need SMS 2FA. Only the apps on my
>> new toys for the first time. Course if I was paranoid I could set it
>> to ask on every login. But I don't. Apparently you do??
>
>I avoid web-centric site-specific apps, like apps just for one site;
>e.g., Walmart, bank, Home Depot, Delta (airline).  Instead I visit them
>in a web browser.  One app that does all instead one app that does one
>site.  Maybe if I used site-specific apps then I'd get 2FA far less
>often, or not at all.  I tend to be very frugal as to what gets
>installed on my smartphone.  I'm unlike a lot of smartphone users that
>install any app just because there is one.

IMO specific apps are much easier to use on a phone or tablet than a
 browser. But the Android browser I use, Chrome, also remembers the device
 for each site and thus only one 2FA per site I use is required as in my
 apps. YMMV depending on the site I suppose but all mine be it app or
 browser only need one 2FA per device if so set.

>Does any web browser store 2FA codes for reuse on login? 

The only browser I use for 2FA is Chrome on everything: Android, W11, and
 Chrome OS stuff. It works the same on all. Only one 2FA per app/device
 unless set otherwise.


>Perhaps DOM
>Storage (aka site data) gets used for that.  I doubt any secure site is
>going to use cookies.  I configure my web browser (Firefox) to purge
>*all* its locally cached data on exit 

I do the same with my Firefox browsers. But of course they won't remember
 anything including 2FA being set that way. If you get tired of redoing 2FA
 I suggest you get one browser just for that purpose.


>as a countermeasure to tracking,
>and up my privacy, and tweak the web browser to improve security.
>Firefox on Android permits extensions like uBlock Origin.  Chrome on
>Android does not allow any extensions.  

True. That's why I use apps.

>As for web-centric apps, has there been any independent audits on each
>one to determine their login security, and secure local files storing
>any user data?  Don't most use the accounts stored in Android itself, so
>those get reused.  I don't think Android is storing any 2FA codes or
>other token in the accounts stored in Android.

Dunno. I put my trust in the individual apps. If I can't trust my bank,
 investment, utilities, Walmart, etc, what can I trust? Walmart does pretty
 good BTW. It lets me buy stuff without a new 2FA each time but to reorder
 prescriptions from the pharmacy section it requires a pin to get in...