Daito Support
FAQ
Frequently asked questions about Daito, 2FA and authentication.
What's the difference between a user and a 2FA token?
A user is a user account that you need in order to log in to Daito and use it. A 2FA token is a TOTP (a time-based one-time password) that Daito generates for you, based on the 2FA seed data you feed it.
What data do you define as "bare minimum of necessary data to provide the service"?
We do not use external marketing platforms, such as Google Analytics or Hotjar. The data we collect and the cookies that are set by the app are not for tracking, but for ensuring the app's functionality (such as "remember me" functionality). We track and audit all user actions, for security monitoring as well as for performance management purposes. If we collect data, we keep it on our own systems or adequately anonymize it before sending it to an external service.
What is a TOTP?
TOTP stands for time-based one-time password.
Who is behind Daito Authenticator?
The Daito Authenticator is a product from Elster Intelligence, a software company based in Berlin, Germany. Elster Intelligence was founded by Jan Sroka, a former Big 4 information security professional, after he experienced first-hand in his 15+ year career that 2FA tokens often need to be shared in smaller companies and that lots of companies unnecessarily open themselves to risk by not protecting all (shared or not shared) accounts with 2FA. Jan holds numerous advanced IT security certifications
Can I use Daito to store 2FA backup or one-time codes?
No, you cannot use Daito Authenticator to store 2FA Backup Codes or 2FA One-Time Codes. These codes should be stored separately from your 2FA tokens, ideally in an encrypted password manager.
Why is web-based 2FA without a second device as secure as 2FA with a second device? Isn’t the 2nd device what makes 2FA secure?
Web-based 2FA without a second device is as secure as app-based 2FA with a second device if your threat model is to defend primarily against automated large-scale attacks and not against targeted attacks (e.g. hackers for hire, or state-sponsored attacks). It is not primarily the second device that improves your security; it is the second authentication factor in the form of a time-based one-time password (usually a 6-digit number that changes every 30 seconds) as this delays the overall attack