I'm confused about the risks of 2-factor authentication.
I'm a developer who has to do some ops, and I'm considering turning it on for my DigitalOcean and GitHub accounts. Both offer TOTP(?) and indicate Google Authenticator. Great.
Then I read some FUD about Google Authenticator and looked for an alternative. There's Authy and a bunch of others.
OK, now I'm wondering what level of trust I'm giving my 2-factor provider. I've never heard of these alternative companies.
1) I think any authenticator can't access my accounts because they don't have my username/password. Is that true? If they are compromised or a bad actor, what is at risk?
2) What are some simple industry best practice TOTP apps? Is Google Authenticator in the top 3?
Thanks!
Mike