Yet Another Reason not to use SMS Authentication

I remember when Leo suggested this. I thought “Now, that’s pretty slick” because a bad guy: #1 Would never know you’re using a made-up answer. And: #2 Even if he did think that, how would he know what your totally made-up answer would be? If your answer to a question like: “What is your spouse’s name?” is a completely made-up random jumble of words (and I’m single!) I think that’s pretty secure.

In my opinion, this technique turns what normally is a lame security gate into a pretty good one. You do need a way to record your exact responses; I do, and I’m not saying how I do it!

Your password manager’s notes section would be a good place.

Unless you started using TOTP with Authy. Then you’re stuck 😦

I use a Google Voice number from a different Google account.

Can you really not export out of Authy? Pretty crummy!

At the very least, you can print out the QR codes that websites generate and store them securely. I believe Mr. Steve Gibson follows this practice.

I tried a GitHub project that I saw referenced in a couple of places, but it failed to work - got some security timeout, so I suppose they closed the loophole. I hate to have to redo all the codes but I suppose I have to. There’s an Android app called Aegis that I can export from, and I can import into from Authy on a rooted machine.

Did you see this? Does it even work?

That did work - thanks. I remember seeing that earlier but I guess I’d forgotten about it.

I manually entered them into andOTP and now I can walk away from Authy if need be.

I just wish more places embraced TOTP, including Apple.

