2FA is a problem

It's not illegal to give a phone company erroneous info. There are a lot of service providers who are only interested in whether or not you pay monthly. A lot of things I use that demand 2FA but aren't truly important (like a bank account) believe I am a 70-year-old male living in Las Vegas.
 
We should just do away with online authentication entirely and switch to the honor system. I trust that you fine people would not lie to access my bank account.
Of course you can trust me...
Goy
 
All of this because people can't remember their passwords so they make them way too easy to crack.

We should have normalized that XKCD comic strip about using passphrases which are just as hard to crack as B10|_|Cl3 but are much easier to remember instead.
My local branch of the NWO used to put out ads telling everyone to always enable 2FA, now they've started putting out ads telling everyone to always use strong unique passphrases.
 
I now have 7 (seven) fucking codes in my authenticator just for work!!!!! I also have to get a text to access any of my banking stuff. That is on top of the million different passwords I have to access all of the personal accounts for various services. Advancements in AI should take a backseat to figuring out the final solution for account access.
 
You know what's more annoying than 2FA? Google asking me to "verify with phone number" when I've never linked my phone number to my Google account. I could literally use any phone to do it, so it doesn't prove anything; it's just a way of them getting a phone number off of me, and there doesn't seem to be any way to prevent it.
 
A service needing your full name and other personal information has nothing to do with 2FA. 2FA can work anonymously.
2FA apps require using a smart phone, which are tied to every aspect of a person's private information. At this point, smart phones are optional in society so long as you're willing to make some concessions, but mandatory use of 2FA apps rather than texting would fuck that extremely quickly. Even if you do use a personal, de-google/apple-d smart phone, wanting to use a burner phone for 2FA is probably a smart choice, since both the major authentication apps are owned by Google and Microsoft.
 
2FA that requires email/SMS makes the site using it 100% dependent on 3rd-party services. This is always a bad idea. Every website should be an island unto itself.
TOTP is fine, but the current generation implementation is inherently flawed because it is not asymmetric.

Number of accounts I've lost from being "hacked"/phished: 0
Number of accounts I've lost because of 2-factor enshittification: 5+

Authenticator apps are not fine, as someone who has lost their phone to damage before.
Always back up your TOTP authenticator to multiple devices. Most of them support exporting data in an encrypted format. Aegis authenticator is a nice one.
When I get a TOTP QR code for a new account, I scan it with my primary phone, and two old phones I keep around. I always have my TOTP on at least three devices.

2FA apps require using a smart phone
KeePass is on the desktop too. I have it installed.
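
An added illustration (not part of any post in this thread) of two points raised above: TOTP is symmetric, so the server verifies with the very same secret the device holds, and scanning one enrollment QR code on several devices gives every device an identical code. The key is the published RFC 6238 test key and the `otpauth://` account and issuer names are constructed.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, urlparse

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): code for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def secret_from_uri(uri: str) -> bytes:
    """Extract the Base32 shared secret from an otpauth:// enrollment URI."""
    b32 = parse_qs(urlparse(uri).query)["secret"][0].upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))

def verify(server_secret: bytes, submitted: str, now: int, drift: int = 1) -> bool:
    """Server side: recompute with the SAME secret, allowing +/- drift steps."""
    return any(
        hmac.compare_digest(totp(server_secret, now + d * 30), submitted)
        for d in range(-drift, drift + 1)
    )

# Constructed enrollment data: the RFC 6238 test key, not a real account.
RFC_KEY = b"12345678901234567890"
ENROLL_URI = ("otpauth://totp/Example:alice?issuer=Example&secret="
              + base64.b32encode(RFC_KEY).decode())

def demo(now: int = 1234567890):
    # Three devices scan the same QR code, so all three hold the same secret.
    devices = [secret_from_uri(ENROLL_URI) for _ in range(3)]
    codes = {totp(s, now) for s in devices}      # a set: one element if identical
    # The server stores that secret too; 20 s later is still the same time step.
    server_ok = verify(RFC_KEY, next(iter(codes)), now + 20)
    return codes, server_ok

if __name__ == "__main__":
    print(demo())
```

Because verification is a recomputation rather than a signature check, the server-side copy of the secret and every exported backup need the same protection as the authenticator itself.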
 
You know what's more annoying than 2FA? Google asking me to "verify with phone number" when I've never linked my phone number to my Google account. I could literally use any phone to do it, so it doesn't prove anything; it's just a way of them getting a phone number off of me, and there doesn't seem to be any way to prevent it.
Once you do it they'll force you to use that phone to confirm your identity every time you try to login from a different browser (or in my case every single time I use Firefox because they don't trust it).
 
KeePass is on the desktop too. I have it installed.
You can use the TOTP functionality available for most password managers, including KeePassXC, anonymously. No smartphone required.
I don't opt for 2FA, and the only times I have been literally forced to use 2FA have been for school and work. In those circumstances, they only offered a single app from the company they buy an office suite from, an option for text, or very rarely, a physical security key. If you can't study or work without being forced to use a smart phone, then it's official, we are literally being corralled like cattle into carrying these spy devices on our person.
 
I don't opt for 2FA, and the only times I have been literally forced to use 2FA have been for school and work. In those circumstances, they only offered a single app from the company they buy an office suite from, an option for text, or very rarely, a physical security key. If you can't study or work without being forced to use a smart phone, then it's official, we are literally being corralled like cattle into carrying these spy devices on our person.
I had a similar experience recently. The way I resolved it is by carrying my ancient LG Optimus without the battery in, plugging it in once I get to work for 2FA, then unplugging it as soon as I leave. Surprisingly, the app worked despite the decrepit Android version. I miss when you could pull your battery out.
 
It doesn't help that 5 eyes intelligence agencies run courses for these corps recommending this shit. Then again, who do you think is leaking this shit all the time? Of course it's them. It's surveillance AND something that controls the civilian population while they leverage their own powers more.
 