In a few weeks I’ll do a workshop about security for people who are tech illiterate. I plan to teach about password managers and 2FA.

If I show the 2FA number codes, like the 123 456 ones that I have to paste when required, can that be a possible security breach for me? Or is it safe since it is gonna change in a few seconds anyway?

  • miss_brainfart@lemmy.ml
    1 year ago

    I’d probably edit a few example screenshots for a purpose like that.

    If you really want to show it live on an actual device, then maybe with a throwaway/dummy account.

    • JoeKrogan@lemmy.world
      1 year ago

      Yea I think that is most valuable as you can include the setup and answer questions people may have. What is obvious to us may not be obvious to them.

  • Boring@lemmy.ml
    1 year ago

    Unless there’s a super hacker or NSA agent in the class that can figure out your password in real time… You should be fine doing that.

  • hottari@lemmy.ml
    1 year ago

    Make dummy accounts for demos. Will save you a lot of trouble in the future and teach you compartmentalization.

  • hperrin@lemmy.world
    1 year ago

    It’s as safe as “leaking” an encrypted document. No one can figure out your TOTP secret unless they brute force it with only a leaked code or two. But if it worries you, you can always change your TOTP secret by going through 2FA setup again.

    Also, even if someone knows your second factor, they still need your first factor (your password).

  • nao@sh.itjust.works
    1 year ago

    If you leak one of the 2FA codes, especially together with a timestamp, in theory it allows someone to brute force the seed, since they now have one known plaintext. If you leak multiple, it reduces the amount of time needed to do that.

  • loki@lemmy.ml
    1 year ago

    It’s unlikely they are going to be able to bruteforce your 2FA codes in the duration of the class, so just change them back once you’re done with the class?

    Or record the video showing the whole process. Change the code, show the video you recorded before the change.
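
For reference on the question in this thread, an added example (not part of any post above) of how a TOTP code is derived from the secret per RFC 6238 and how long a code shown on screen stays usable against a verifier. The 30-second step, the one-step drift window, the `verify` helper and the demo secret (the published RFC 6238 test key) are assumptions of this sketch, not any particular service's settings.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (assumed; common authenticator default)
DIGITS = 6

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(time / STEP)."""
    return hotp(secret, unix_time // STEP)

def verify(secret, code, now, last_used_step=-1, window=1):
    """Hypothetical server-side check: return the accepted step, or None.

    window: steps of clock drift tolerated on each side (assumed 1).
    last_used_step: highest step already accepted for this account, so a
    code cannot be replayed after it was used once.
    """
    current = now // STEP
    for step in range(current - window, current + window + 1):
        if step < 0 or step <= last_used_step:
            continue
        if hmac.compare_digest(hotp(secret, step), code):
            return step
    return None

# Constructed demo input: the RFC 6238 test key, never a real account secret.
DEMO_SECRET = b"12345678901234567890"

def demo():
    shown = totp(DEMO_SECRET, 59)  # code visible on the projector at t=59s
    return {
        "shown": shown,
        "same_step": verify(DEMO_SECRET, shown, 59),
        "next_step": verify(DEMO_SECRET, shown, 89),   # inside drift window
        "two_minutes_later": verify(DEMO_SECRET, shown, 179),
        "replayed": verify(DEMO_SECRET, shown, 59, last_used_step=1),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The displayed code carries only 6 digits derived from the secret for one time step, which is why showing it does not reveal the secret itself; what matters for a live demo is the short window in which that one code is still accepted.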