Privacy

31253 readers

719 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

Is it bad to expose the 2FA codes? (lemmy.ml)

submitted 11 months ago by [email protected] to c/[email protected]

23 comments fedilink hide all child comments

In a few weeks I'll do a workshop about security for people who are tech illiterate, I plan to teach about password managers and 2FA.

If I show the 2FA number codes, like the 123 456 ones that I have to paste when required, can that be a possible security breach for me? or is it save since is gonna change in a few seconds anyway?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 11 months ago (3 children)

is there some useless service that I can use to ser up a 2FA for a demo?

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

For me I'd put proxmox in a proxmox. get the second one installed with a user then save it as a template. From here you can spin up a new image and use the TOTP services to show various 2FA which include YUBI keys if ever the tutorials get deep. I don't know if there is a 2FA playground as such that just to me seems like a quick low impact way of showing the process. You then just delete that image within the first proxmox install. Hold the phone just searched 2FA playground and it gave me https://pragmarx.com/playground/google2fa#/ which seems perfect for your needs. I can't vouch for the safety of the site but their github is on there so have a browse through

[–] [email protected] 1 points 11 months ago (1 children)

Is this being taught in a computer lab or will the students all have laptops or smartphones? If so I would almost be tempted to just walk them through all creating a temporary email address and then setting up 2fa on the accounts. But yeah Gmail accounts.

[–] [email protected] 2 points 11 months ago (1 children)

where can I find temporary mails that have 2FA logins?

[–] [email protected] 3 points 11 months ago* (last edited 11 months ago)

You can create endless Gmail accounts for free and google has several different 2fa options to choose from. So you could make one '[email protected]' or have each person on their own device create dummy Gmail addresses like '[email protected]' and have each student go through the process individually. They would only be temporary in that you'd just stop using it after the class and google would eventually get rid of it(maybe?) After long enough without any use. I don't think you're going to find something that just generates dummy 2fa codes for demo purposes.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

You can setup a Nextcloud instance in a docker and then enable TOTP for the logins. That way, its a separate thing from what you're personally using, and provides a direct analog to the online services that they use. You can even create multiple accounts for your students and have them try it personally.

Here's the docker-compose file if you're interested.