Hacker News new | ask | show | jobs
by stephenr 86 days ago
What PII?

You store a TOTP secret on your <device>....

It's less PII than an ssh public key because it's literally just a random string, that *they* generated, and you only need it for the web UI.

So please tell me how the Americans are going to track and identify you through a fucking TOTP secret.
1 comments
bjourne 86 days ago
My phone number dumbo.
link
stephenr 85 days ago
Why would you use a phone number for 2FA. It's like saying you only use md5 hashing for passwords.
link