Comment on Help open the source of the myGov Code Generator app
vividspecter@aussie.zone 6 days ago
I think a better approach would be:
- Support conventional TOTP codes that any other 2FA app supports
- Give passkeys first-class support (currently there is a bug where a passkey login is not counted as a real login, so you could lose your account due to inactivity if you don’t log in with a password in a while)
- Similarly, allow passkey-only login so there isn’t the vulnerability from SMS 2FA (or make it 2-factor with passkeys + password and/or 2FA)

I know some are wary about passkeys because they are often tied to a device, but common password managers now have great support for them (such as Bitwarden and KeePassXC) and you could even use a physical key instead.