IT-Sec_Group_K/it-sec-exercises
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity

feat: task 2a

Browse Source
This commit is contained in:
Unbreathable
2026-05-15 09:40:28 +02:00
parent 203f68ea1b
commit 9b0467677a
1 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
sheet04/a2/a.txt Normal file
View File

@@ -0,0 +1,26 @@
After some search these are my most used services (with number of visits):
7191|gitlab.uni-ulm.de
7409|github.com
8307|www.youtube.com
10696|duckduckgo.com
11337|www.wanikani.com
1. Wanikani is a Japanese learning app and does not support any kind of multi-factor-authentication. You can log in with your email address and also reset your password using your email address. They only removed username login in 2023: https://community.wanikani.com/t/updating-wanikani-password-recovery-options/61437.
2. DuckDuckGo does not even have a login, so no need for authentication. I guess in a way, the most secure account is the account that doesn't exist. However, since it felt like cheating: I also use Proton a lot, and they have a lot of options for login. Speaking from personal experience here are the ones I know:
- TOTP: Active for my account as well (they even have their own Authenticator app)
- Security keys: Also available for two-factor authentication
- In case of Proton Pass: You can set a second password that unlocks the password manager to make sure someone doesn't get access when they get your main password (just additional security).
- For recovery, you can also set emergency contacts and stuff (so people could get access to your account even if you died), they have a pretty comprehensive system in total and I think they're really doing a good job with authentication
3. YouTube: Well, here it gets a little complicated, but it's basically the same as for any Google account and because it's a big platform there are so many security options that you can't even count them all.
- TOTP
- Pass keys
- Email 2FA
- Google's own autentication system that works with any Android device (the one where a code is sent to your phone instead of by email)
- Security codes: Offline credentials similar to TOTP that can be viewed in the Google app on a phone when logged in (as a compliment to Google's own code sending)
- You can also chain any of those together to make your account more secure
4. GitHub: Also really solid here: TOTP, Security keys, GitHub Mobile and SMS/Text (marked as insecure) messages are supported. However, no multi-factor authentication, you can only configure a second factor.
5. University GitLab: Also a lot available: Login usually works through the University's account system, but you can additionally add TOTP and WebAuthn devices (so passkeys).