[kwlug-disc] Google with TOTP

Khalid Baheyeldin kb at 2bits.com
Tue Jun 14 17:13:26 EDT 2022


On Tue, Jun 14, 2022 at 5:09 PM Bob B <bob at softscape.ca> wrote:

> ... would you consider using an app password for the specific clients that
> are unable to do MFA?
>

Now that I have something working, there is less of a pressing need for
that.
But good to confirm what others have said: no SIM swap identity theft
possible after you make 2FA work in other ways.


> As a result of reading this stuff, I went into my goggle account and
> removed the 2FA associated with phone numbers* and noticed that I have app
> passwords for some google services where I use clients incapable of MFA.
>

That was my initial plan.
I am not sure if app passwords expire and need to be renewed every now and
then.
If they do, then depending on the frequency, that may be annoying.

If they don't then what is the benefit of app passwords over the previous
scheme of using your own Gmail password?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20220614/af712ad3/attachment.htm>


More information about the kwlug-disc mailing list