Two locks are better than one lock, right?🔒 And the same should apply for your online account credentials!

Reply to Two locks are better than one lock, right?🔒 And the same should apply for your online account credentials! on Sat, 28 Mar 2026 21:05:27 GMT

cosipa@social.linux.pizza — Sat, 28 Mar 2026 21:05:27 GMT

@blueluma @Tutanota Not true actually, you can download Authnkey from fdroid that provides the "UI" needed for hardware passkeys to work without google play services. https://github.com/mimi89999/Authnkey
Hopefully this helps!

Reply to Two locks are better than one lock, right?🔒 And the same should apply for your online account credentials! on Sat, 28 Mar 2026 19:52:48 GMT

tennoseremel@gts.skobk.in — Sat, 28 Mar 2026 19:52:48 GMT

@Tutanota I’d rather have a good long password.

Reply to Two locks are better than one lock, right?🔒 And the same should apply for your online account credentials! on Sat, 28 Mar 2026 16:28:38 GMT

dadinek@fosstodon.org — Sat, 28 Mar 2026 16:28:38 GMT

@Tutanota in France, for banks you have to have a password only with digits and I never saw a proper 2FA with an external app. They are still in the previous century

Reply to Two locks are better than one lock, right?🔒 And the same should apply for your online account credentials! on Sat, 28 Mar 2026 15:28:57 GMT

realgene@hachyderm.io — Sat, 28 Mar 2026 15:28:57 GMT

@Tutanota
JFC, this should have been the first sentence in that blog.
DEFINE ACRONYMS AT THE FIRST USE.

Reply to Two locks are better than one lock, right?🔒 And the same should apply for your online account credentials! on Sat, 28 Mar 2026 14:01:25 GMT

blueluma@mastodon.social — Sat, 28 Mar 2026 14:01:25 GMT

@Tutanota Android does not supports security keys by default, you need google play services for this ‍

Reply to Two locks are better than one lock, right?🔒 And the same should apply for your online account credentials! on Sat, 28 Mar 2026 13:30:53 GMT

erikvanstraten@todon.nl — Sat, 28 Mar 2026 13:30:53 GMT

@Tutanota : rubbish.

Two WEAK locks may be LESS pointless than one WEAK lock, but they're still pointless. Go read https://www.csoonline.com/article/4147134.

U2F has been superseded by FIDO2 (hardware keys in WebAuthn mode) and Passkeys (example in Dutch: https://todon.nl/@ErikvanStraten/116285192238090438).

Both WebAuthn methods have advantages and disadvantages.

If you don't like them, use a trustworthy passwordmanager and:

• Let it create a unique, random, as long as possible, pw per account

• Make backups of the pw mngr database

• Device compromise means "game over"

• Use Autofill (easy in Android and iOS/iPadOS)

• If Autofill does not automatically retrieve your credentials, it probably is a fake (phishing) website. Do read https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

Please stop misinforming people.

#WeakMFAsucks #Weak2FAsucks #FIDO2 #WebAuthn #Passkeys #AutoFill #KeePassium #KeePassDX

Reply to Two locks are better than one lock, right?🔒 And the same should apply for your online account credentials! on Sat, 28 Mar 2026 13:01:01 GMT

guyincognito@closednetwork.social — Sat, 28 Mar 2026 13:01:01 GMT

@Tutanota its a shame a lot of websites still want to use SMS for their 2FA. I have an account with a big bank that won't allow me to use my preferred 2FA method, while another account I have with a small town bank will let me 2FA with whatever more secure method I want. Get with it people.