Need a email processor for 2fa (ideas?)

DeadlyChemist

im tired of companies that give me 2fa still via email... (like steam)
anyways, is there a magic service to extract that?
another idea was to just scan the email for keywords like 2 factor etc, and if elegible, send it to chatgpt to extract

looking for ideas, or solution

same for sms too, getting a sms receiver as well (unless you know of an app that can auto send all my sms to api)

JosephF

What goal are you ultimately trying to accomplish?

DeadlyChemist

@JosephF said:
What goal are you ultimately trying to accomplish?

automatically copy 2fa codes of emails without opening them, or straight up puting them in my 1password

JabJab

@DeadlyChemist said: 2fa still via email... (like steam)

Then use the damn Steam Authenticator and generated codes

default

2FA through email address? Bad idea. If an abuser gets access to email, then 2FA becomes useless, so then what is the point of 2FA?

The fact that Steam does it, it does not mean it is the best idea. Keep in mind Steam is made for consumers who don't know nor care about deep security. That is a gaming platform with children who might not even have a phone for 2FA, not to mention Yubikey.

DeadlyChemist

@default said:
2FA through email address? Bad idea. If an abuser gets access to email, then 2FA becomes useless, so then what is the point of 2FA?

The fact that Steam does it, it does not mean it is the best idea. Keep in mind Steam is made for consumers who don't know nor care about deep security. That is a gaming platform with children who might not even have a phone for 2FA, not to mention Yubikey.

there are companies that dont have anything else than email 2fa

JosephF

@default said:
2FA through email address? Bad idea. If an abuser gets access to email, then 2FA becomes useless, so then what is the point of 2FA?

The fact that Steam does it, it does not mean it is the best idea. Keep in mind Steam is made for consumers who don't know nor care about deep security. That is a gaming platform with children who might not even have a phone for 2FA, not to mention Yubikey.

Even if you have Yubikey and your provider uses it, if they offer email 2FA as a backup option, you still have the same risk despite the Yubikey.

default

@JosephF said:

@default said:
2FA through email address? Bad idea. If an abuser gets access to email, then 2FA becomes useless, so then what is the point of 2FA?

The fact that Steam does it, it does not mean it is the best idea. Keep in mind Steam is made for consumers who don't know nor care about deep security. That is a gaming platform with children who might not even have a phone for 2FA, not to mention Yubikey.

Even if you have Yubikey and your provider uses it, if they offer email 2FA as a backup option, you still have the same risk despite the Yubikey.

Exactly, 2FA should not rely on email address at all, otherwise it partially defeats the security which 2FA was designed to provide.

Such suggested concept is easier implemented by simply clicking a link in an email message with the purpose of validating every login. However, this is usually done on account registrations, not on logins, because account registration verifies the email address if it is correct and working.

API

I honestly don't think it's a good idea, but if you want to do it: for sms you can use a twilio phone so you get a callback on every sms. For email, something like this https://www.cloudmailin.com/inbound would work

ehhthing

You could write your own pretty easily, with Cloudflare incoming mail workers.

kevinds

@default said: Exactly, 2FA should not rely on email address at all, otherwise it partially defeats the security which 2FA was designed to provide.

I agree. SMS is worse security wise and much more annoying to use, but it is what it is..

This isn't something consumers get a choice in though.

kevinds

@DeadlyChemist said: automatically copy 2fa codes of emails without opening them, or straight up puting them in my 1password

No because there is no standard format that the emails use, even the type of codes used.

Into 1Password? No bloody way.

DeadlyChemist

@API said:
I honestly don't think it's a good idea, but if you want to do it: for sms you can use a twilio phone so you get a callback on every sms. For email, something like this https://www.cloudmailin.com/inbound would work

I have my own module for sms
Not paying for a number
Tho a app would have been good as well
Might chuck all sms into chatgpt or similar
But for mails with huge size i domt really know

DeadlyChemist

@kevinds said:

@DeadlyChemist said: automatically copy 2fa codes of emails without opening them, or straight up puting them in my 1password

No because there is no standard format that the emails use, even the type of codes used.

Into 1Password? No bloody way.

1password has a api, so thats doable, but worst case i'll just send it to my pcs as popup

Yes, that is my problem, every mail looks diffrently and i need to wxtract 2fa

DeadlyChemist

Sms feature on it's way
Just have to get the SIM module working

default

@DeadlyChemist said:
Sms feature on it's way
Just have to get the SIM module working

Many people do not like SMS for 2FA. Personally I have nothing against it. My only problem with it is in delays, because it depends on signal, providers, including settings and operating system (since software can flag it as spam and refuse to show it).

To me, the best 2FA are Yubikey and codes generated every minute (plus recovery codes).

DeadlyChemist

@default said:

@DeadlyChemist said:
Sms feature on it's way
Just have to get the SIM module working

Many people do not like SMS for 2FA. Personally I have nothing against it. My only problem with it is in delays, because it depends on signal, providers, including settings and operating system (since software can flag it as spam and refuse to show it).

To me, the best 2FA are Yubikey and codes generated every minute (plus recovery codes).

Yeah but.my issue is i can never find my phone or email

default

@DeadlyChemist said:

@default said:

@DeadlyChemist said:
Sms feature on it's way
Just have to get the SIM module working

Many people do not like SMS for 2FA. Personally I have nothing against it. My only problem with it is in delays, because it depends on signal, providers, including settings and operating system (since software can flag it as spam and refuse to show it).

To me, the best 2FA are Yubikey and codes generated every minute (plus recovery codes).

Yeah but.my issue is i can never find my phone or email

Don't worry. Elon Musk is working on a project (Neuralink) to put chips into brains. He already had a first prototype implementation into a human, which was a success. In future we will combine this with artificial intelligence so that a simple thought of logging you in will grant you access instantly, without any 2FA.

Please wait. The end is nigh.

cochon

@default said:

@DeadlyChemist said:
Sms feature on it's way
Just have to get the SIM module working

Many people do not like SMS for 2FA. Personally I have nothing against it.

My main issue is that the 2FA 'device' is in fact just the mobile number which is often too easy a target for fraudsters (Simjacking). Compounded by banks who'll be overly helpful 'reconnecting' their app with your bank account once the fraudsters have your number.

Yes you need to be targeted for this sort of thing, but it's not uncommon, and banking seems an industry that seems fixated on keeping SMS. TOTP is an order of magnitude more secure even if it is easy to phish. Hardware keys and TPM/FIDO chips in devices are the future.

DeadlyChemist

@cochon said:

@default said:

@DeadlyChemist said:
Sms feature on it's way
Just have to get the SIM module working

Many people do not like SMS for 2FA. Personally I have nothing against it.

My main issue is that the 2FA 'device' is in fact just the mobile number which is often too easy a target for fraudsters (Simjacking). Compounded by banks who'll be overly helpful 'reconnecting' their app with your bank account once the fraudsters have your number.

Yes you need to be targeted for this sort of thing, but it's not uncommon, and banking seems an industry that seems fixated on keeping SMS. TOTP is an order of magnitude more secure even if it is easy to phish. Hardware keys and TPM/FIDO chips in devices are the future.

too poor for that

current workflow
either using SIMXXX module i think or taster, send the sms to a local server and process (most likely using chatgpt...)

email, no idea

DeadlyChemist

got 90% working for sms (using chatgpt with some pre-filtering)
now just need a way to put them inside 1password