undefined | Better HN

0 pointsprocombo4y ago0 comments

Authenticator apps, and SMS help them derive you have identity -- which is more secure for them and you. Hardware token via WebAuthn (etc) is only more secure for you.

When they say "for the sake of security" they mean for them too.

There's a reason they want you to verify using one of the first two methods first.

0 comments

2 comments · 1 top-level

dns_snek4y ago· 1 in thread

> Authenticator apps, and SMS help them derive you have identity

How do they do that?

TOTP (i.e. authenticator apps) is a simple algorithm where the value is derived from a secret key and current time. It certainly doesn't verify anything about you.

anticensor4y ago

By making the initial TOTP secret different for everyone.

j / k navigate · click thread line to collapse