this post was submitted on 23 Feb 2024
56 points (98.3% liked)

Canada

7185 readers
292 users here now

What's going on Canada?

Communities

🍁 Meta

🗺️ Provinces / Territories

🏙️ Cities / Local Communities

🏒 SportsHockey

Football (NFL)

  • List of All Teams: unknown

Football (CFL)

  • List of All Teams: unknown

Baseball

Basketball

Soccer

💻 Universities

💵 Finance / Shopping

🗣️ Politics

🍁 Social and Culture

Rules

Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage:

https://lemmy.ca

founded 3 years ago
MODERATORS
otter@lemmy.ca
56
CRA now allows 2FA apps (infosec.pub)
submitted 8 months ago by rinze@infosec.pub to c/canada@lemmy.ca
26 comments fedilink hide all child comments
 

What the title says. Before you had to choose either SMS / call via phone or a very clunky code grid.

you are viewing a single comment's thread
view the rest of the comments
[–] axby@lemmy.ca 3 points 8 months ago* (last edited 8 months ago) (1 children)

Yes but you’re free to use an email provider which also supports security keys, which gmail and proton mail* do. I understand that the CRA needs to accommodate the average person who doesn’t care about security, but I think everyone in this thread appreciates when they also cater to people who care deeply about security and are willing to use strong unique passwords in a password manager and security keys or at least TOTP.

* it seems like they require keeping TOTP enabled because their mobile apps don’t support security keys. Meh.

[–] axby@lemmy.ca 3 points 8 months ago

To clarify on this: even the people who use gibberish as their password and don’t store it and rely on password resets via email are actually somewhat safe if their email is also highly safe. Maybe their password strategy for CRA implies they don’t take their email password security seriously either… but still, my point is just that “at least as secure as your email” can be an incredibly high bar if you do it right