Yeah, they overlap since I did whole hour (120 30-second codes). I didn’t know specific time, so it’s 2 pages, 3 hours, 42 minutes and 30 seconds.
Credit goes to oathtool (and LibreOffice Write).
Font: Liberation Mono
Yeah, they overlap since I did whole hour (120 30-second codes). I didn’t know specific time, so it’s 2 pages, 3 hours, 42 minutes and 30 seconds.
Credit goes to oathtool (and LibreOffice Write).
Font: Liberation Mono
I don’t follow what you’re trying to say here. (The last 2 sentences contradict in my mind)
Anyway, phone vs this tomfoolery, it might not be more/less secure, just different.
What’s on paper is all there will be, as it doesn’t include the secret for generating additional codes.
Phone has that, but also has a screen lock. Whether that is easy to bypass will depend on environment, but after the first unlock, it is at least realistic.
Plus you have people like my father who go by “no lock, nothing to hide”.
For immediate exploit, paper looses.
For later persistent exploitation, phone looses.
Also, no one’s going to have endless scrolls of codes like this. 2 pages for less than 4 hours. Round that up to 2 hours per page, that would be 12 pages per day, 360 pages per month, 4,380 pages per year.
I had to do this, because it was a requirement (they even recommended to print out the password). Actually, they didn’t mention 2FA, just to print out the password (and no use of personal devices). This is the best I could do given the environment.
There are purposed 2FA devices that aren’t your phone. Leaving one of those laying around is about the same security level as leaving these papers is what that says. Either way that sounds like ass to deal with regardless of how secure it is. Give me Aegis or give me death.
Oh, how could I forget that. My bank uses them. But it also needs my (physical) debit card and its PIN.
Bit cumbersome to use.
It feels like fifteen tons to login anywhere in the modern day.