Thanks, I suspected this (I only see “authenticator app” when I log in on a new device or periodically, but I wasn’t sure.
Related: for finance related services like Questrade, I’ve stored my TOTP keys on a U2F key, Yubico in my case. Besides the hassle of managing physical keys, is there any drawback to this approach? I’m slightly worried I’ll lose all my keys in a house fire or something, but I assume there’s a recovery option.
That I don’t know. I store the TOTP keys into an app on my phone an into a separated KeePass DB that’s different from my regular one. Two copies of that is good enough to let me sleep at night.
Questrade allows TOTP, SMS and some other methods, but you can select which ones you want to enable. I have only TOTP and it works as expected.
Thanks, I suspected this (I only see “authenticator app” when I log in on a new device or periodically, but I wasn’t sure.
Related: for finance related services like Questrade, I’ve stored my TOTP keys on a U2F key, Yubico in my case. Besides the hassle of managing physical keys, is there any drawback to this approach? I’m slightly worried I’ll lose all my keys in a house fire or something, but I assume there’s a recovery option.
That I don’t know. I store the TOTP keys into an app on my phone an into a separated KeePass DB that’s different from my regular one. Two copies of that is good enough to let me sleep at night.