Recently got the email about a breach, and reset my password as was suggested.
I looked into setting up two-factor again, however as I remembered, the only available method is device-specific app authentication with recovery codes as the only backup option, which I am reluctant to use for various, personal reasons.
If Plex offered email or SMS options (even just for premium accounts), I’d be more inclined to use the feature. And contrary to what many would say about the security of such methods, my account would be more secure than it currently is.
Keep in mind that email and SMS are both not secure by default. Also, password managers like Enpass, Bitwarden and LastPass (although the latter is debatable to use as well, in my opinion) have options to share the database with passwords and keys across multiple devices. So there are options that mitigate the “single point of truth” for your TOTP-tokens and apps like Google Authenticator.
I strongly suggest you check the validity of this claim.
The 2FA method which Plex uses is not device-specific. It is a standardized method, which allows you to use all apps and software on all platforms which conform to the OATH-TOTP method to generate the verification codes.
This is a widely supported industry standard, which is much, much more secure than SMS or email.
And that is not my claim, but proven by commonly acknowledged security experts.
I understand this. But we’re not talking about bank account information. I just don’t think it’s that much of a concern for one time use codes which expire after ten minutes. If people are reading my SMS or emails, having my Plex login breached is among the least of my concerns.
Cheers, I’ll have a look into these. Might I ask why not LastPass?
Appreciate the explanation. Which software would you recommend?
Yes, precisely, thank you. I like to access my emails and SMS from multiple devices, including ones that do not have a GUI.
People might use the same credentials for multiple sites and services. So it might be possible people use the same credentials for their online banking and their Plex account. Assuming that people have different credentials for all websites and services they use is a bad assumption.
For me, it’s mostly because LastPass had several leaks and issues in the past, which shouldn’t be happening at all for a password management tool.
There are a lot of options, actually. I have a Premium Lifetime subscription for Enpass, so that’s why I stay at Enpass, but nowadays, Bitwarden is a great alternative for a password manager. If you are looking for a TOTP manager only, you can look into Authy.
It’s only a bit more secure, as SMS and e-mail can always be intercepted for instance. If you can avoid this, that’s preferable for security reasons too.