From 9b0467677ae68500726d4d413dbdb8712b7e13c2 Mon Sep 17 00:00:00 2001
From: Unbreathable <70802809+Unbreathable@users.noreply.github.com>
Date: Fri, 15 May 2026 09:40:28 +0200
Subject: [PATCH] feat: task 2a

---
 sheet04/a2/a.txt | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 sheet04/a2/a.txt

diff --git a/sheet04/a2/a.txt b/sheet04/a2/a.txt
new file mode 100644
index 0000000..27b3020
--- /dev/null
+++ b/sheet04/a2/a.txt
@@ -0,0 +1,26 @@
+After some search these are my most used services (with number of visits):
+7191|gitlab.uni-ulm.de
+7409|github.com
+8307|www.youtube.com
+10696|duckduckgo.com
+11337|www.wanikani.com
+
+1. Wanikani is a Japanese learning app and does not support any kind of multi-factor-authentication. You can log in with your email address and also reset your password using your email address. They only removed username login in 2023: https://community.wanikani.com/t/updating-wanikani-password-recovery-options/61437.
+
+2. DuckDuckGo does not even have a login, so no need for authentication. I guess in a way, the most secure account is the account that doesn't exist. However, since it felt like cheating: I also use Proton a lot, and they have a lot of options for login. Speaking from personal experience here are the ones I know:
+- TOTP: Active for my account as well (they even have their own Authenticator app)
+- Security keys: Also available for two-factor authentication
+- In case of Proton Pass: You can set a second password that unlocks the password manager to make sure someone doesn't get access when they get your main password (just additional security).
+- For recovery, you can also set emergency contacts and stuff (so people could get access to your account even if you died), they have a pretty comprehensive system in total and I think they're really doing a good job with authentication
+
+3. YouTube: Well, here it gets a little complicated, but it's basically the same as for any Google account and because it's a big platform there are so many security options that you can't even count them all.
+- TOTP
+- Pass keys
+- Email 2FA
+- Google's own autentication system that works with any Android device (the one where a code is sent to your phone instead of by email)
+- Security codes: Offline credentials similar to TOTP that can be viewed in the Google app on a phone when logged in (as a compliment to Google's own code sending)
+- You can also chain any of those together to make your account more secure
+
+4. GitHub: Also really solid here: TOTP, Security keys, GitHub Mobile and SMS/Text (marked as insecure) messages are supported. However, no multi-factor authentication, you can only configure a second factor.
+
+5. University GitLab: Also a lot available: Login usually works through the University's account system, but you can additionally add TOTP and WebAuthn devices (so passkeys).