Kevin Karhan :verified:<p><span class="h-card"><a href="https://chaos.social/@adfichter" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>adfichter</span></a></span> <span class="h-card"><a href="https://waldvogel.family/@marcel" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>marcel</span></a></span> Wegen SOWAS mag ich kein <a href="https://mstdn.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> außerhalb von <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a>-Listen!</p>
mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit
Administered by:
Server stats:
340Kactive users
mastodon.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.0-nightly.2025-04-15
#itan
0 posts · 0 participants · 0 posts today
Kevin Karhan :verified:<p><span class="h-card"><a href="https://linuxrocks.online/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BrodieOnLinux</span></a></span> <span class="h-card"><a href="https://fosstodon.org/@sourcerer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sourcerer</span></a></span> <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a> > <a href="https://mstdn.social/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a>-TAN!</p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://mastodon.online/@topher" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>topher</span></a></span> or at the very least <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a> instead of shitty <a href="https://mstdn.social/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a>... </p><p>Also <span class="h-card"><a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nitrokey</span></a></span> >> <a href="https://mstdn.social/tags/YubiKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKey</span></a> for being fully <a href="https://mstdn.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://shitposter.club/users/thatguyoverthere" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thatguyoverthere</span></a></span> <span class="h-card"><a href="https://linuxrocks.online/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BrodieOnLinux</span></a></span> </p><p>Just use a pencil or pen to tick out those you used. <a href="https://mstdn.social/tags/ProblemSolved" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProblemSolved</span></a> </p><p>Sarcasm aside, they also allow and encourage me to store my recovery codes seperately, thus they can also allow me to do the same with <a href="https://mstdn.social/tags/TANs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TANs</span></a> to <a href="https://mstdn.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a>, and with <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a> they mitigate or at least vastly reduce the success rate of shouldersurfers gaining valid TANs...</p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://shitposter.club/users/thatguyoverthere" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thatguyoverthere</span></a></span> <span class="h-card"><a href="https://linuxrocks.online/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BrodieOnLinux</span></a></span> Let's just say that if <a href="https://mstdn.social/tags/Github" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Github</span></a> wants to mandate <a href="https://mstdn.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> they need to make it even more accessible than <a href="https://mstdn.social/tags/git" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>git</span></a> is. </p><p>If I can't fit it on an <a href="https://mstdn.social/tags/OS1337" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OS1337</span></a> boot floppy and keep it fully airgapped on paper without knowing time and date, it's shit.</p><p>If banks accept <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a> to do million-euro transactions than Github can so too... <br><a href="https://mstdn.social/@kkarhan/110965679190470398" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mstdn.social/@kkarhan/11096567</span><span class="invisible">9190470398</span></a></p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://shitposter.club/users/thatguyoverthere" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thatguyoverthere</span></a></span> <span class="h-card"><a href="https://linuxrocks.online/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BrodieOnLinux</span></a></span> </p><p>Also yes, all <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a> implementations will cross out all used TANs and the last 2-5 are used to auth a new iTAN sheet...</p><p>And the best part of it: those can be perfectly seperated and don't need anything but paper and ink to put them on.</p><p>Personally, I do want my shit to be so secure that I can't backdoor it at gunpoint without the ability to commit asset denial towards the attacker...</p><p>Call me weird, but I'd be dead for over a decade if I wasn't that cautious...</p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://mstdn.social/@10volt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>10volt</span></a></span> <span class="h-card"><a href="https://shitposter.club/users/thatguyoverthere" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thatguyoverthere</span></a></span> <span class="h-card"><a href="https://linuxrocks.online/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BrodieOnLinux</span></a></span> </p><p><a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a> are numerized, pre-generated TANs that get requested for randomized 2FA...<br><a href="https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_(iTAN)" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">en.wikipedia.org/wiki/Transact</span><span class="invisible">ion_authentication_number#Indexed_TAN_(iTAN)</span></a></p><p>And no, <a href="https://mstdn.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOTP</span></a> / <a href="https://mstdn.social/tags/HOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HOTP</span></a> & <a href="https://mstdn.social/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a>-<a href="https://mstdn.social/tags/TAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TAN</span></a> are NOT practical for numerous reasons I CANNOT disclose...<br><a href="https://mstdn.social/@kkarhan/110975936045776700" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mstdn.social/@kkarhan/11097593</span><span class="invisible">6045776700</span></a></p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://shitposter.club/users/thatguyoverthere" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thatguyoverthere</span></a></span> <span class="h-card"><a href="https://linuxrocks.online/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BrodieOnLinux</span></a></span> I've yet to see any vulns re: <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a>|s...</p><p>They worked fine two decades ago and they work fine to this day...</p><p>If they don't like 8-digit numerals they could just go with the wholse <a href="https://mstdn.social/tags/Base64" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Base64</span></a> like I did here...<br><a href="https://github.com/kkarhan/misc-scripts/blob/7709dfdd907debe0912bbcc0fe7cbb694a0474d2/bash/.bash_aliases#L22" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kkarhan/misc-script</span><span class="invisible">s/blob/7709dfdd907debe0912bbcc0fe7cbb694a0474d2/bash/.bash_aliases#L22</span></a></p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://linuxrocks.online/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BrodieOnLinux</span></a></span> it means that if <a href="https://mstdn.social/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> doesn't support any good <a href="https://mstdn.social/tags/offline" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>offline</span></a> - capable <a href="https://mstdn.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> like <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a>, a lot of folks won't use it at all!</p><p>Espechally since they don't support EVERY NATION AND NETWORK nor can one expect to have a dedicaded and secure phone number for that!</p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://chaos.social/@jhwgh1968" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jhwgh1968</span></a></span> they could've chose to go with <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a>|s instead...</p><p><a href="https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_.28iTAN.29" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">en.wikipedia.org/wiki/Transact</span><span class="invisible">ion_authentication_number#Indexed_TAN_.28iTAN.29</span></a></p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://hachyderm.io/@dalias" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dalias</span></a></span> <span class="h-card"><a href="https://anarchism.space/@alexandria" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>alexandria</span></a></span> </p><p>and:<br>- you're forced to flee someplace and everyone around you will try to KOS you if they identify you.</p><p>Again: <a href="https://mstdn.social/tags/TAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TAN</span></a> or rather <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a> is the next best option.<br><a href="https://mstdn.social/@kkarhan/110271086419549862" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mstdn.social/@kkarhan/11027108</span><span class="invisible">6419549862</span></a></p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://anarchism.space/@alexandria" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>alexandria</span></a></span> that basically only allows <a href="https://mstdn.social/tags/iTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a> as method, since those can be printed out or stored otherwise.<br><a href="https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_(iTAN)" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">en.wikipedia.org/wiki/Transact</span><span class="invisible">ion_authentication_number#Indexed_TAN_(iTAN)</span></a></p><p>If necessary, the system would generate a new iTAN each time after successful login and demanding it for the next login, and so forth.</p>
MLS Takes<p><span class="h-card"><a href="https://social.kiesow.net/@dkiesow" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dkiesow</span></a></span> I think they can win but need to be decisive in front of goal. <a href="https://mstdn.party/tags/Itan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Itan</span></a> will also be playing for everything.</p>
Senioradmin<p>Drei Monate vor dem Ende immer noch kein Wort von meiner Bank dazu, dass <a href="https://social.tchncs.de/tags/itan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTAN</span></a> abgeschafft wird. Alternativen werden nicht beworben. Irgendwo auf den Webseiten versteckt gibt es einen Antrag zum ausdrucken zum mTAN Verfahren, welches heute aber auch nicht mehr als sicher gilt. Andere Alternativen gibt es nicht.</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload