Skip to Content
Navigation:

A stick figure smiling

If you want to see more comics like this, sign up for my saturday comics newsletter or browse more comics!

Image of a comic. To read the full HTML alt text, click "read the transcript".
read the transcript!

person 1: I have a really secure email password!
person 2: that’s awesome! but you know, if a hacker got my password, they STILL can’t get into my email :)
person 1: what? how?

There are 3 common ways to use 2FA:

SMS (okay!)

person: I’d like to login
email: I’ve sent you an SMS with a code. Enter the code to finish logging in

Problems:

  • Your phone # can get stolen (this happens in real life!)
  • Sometimes SMS doesn’t arrive

google authenticator app, aka TOTP (very good!)

person: I’d like to login
phone: 12345
email: enter the code from that app on your phone!

Problem: These codes can still be phished

security key, aka U2F (the easiest to use! the most secure!)

person: I’d like to login
tap yubikey - done!
These work AWESOME for gmail! You just plug it into a USB port!

Problems:

  • you have to buy it
  • not every website has support