by bubblethink 2564 days ago
>Authy (arguably more secure)

What's the argument?

>Would be cool if this somehow cleaned up the whole process.

Everyone, just leave 2FA alone. No SMS. No custom garbage that sends a push from a cloud and uses a blob on the device. Use TOTP. It's simple and easy. If you want fancier phishing protection, optionally add the newer FIDO2 or whatever the newer standards end up being. Just no custom garbage.


For regular users TOTP isn't simple:

* you have to install an app, but you can't tell which app you're meant to use

* you have to configure the app with whatever your signin service is

* if you ever delete the app (something that is generally not harmful) you lose the ability to sign in, and reinstalling frequently does not bring back your old authorizations.

But yeah, SMS 2FA is garbage from a security standpoint (and will remain so until carriers can be held liable for costs from transferring your number without your authorization), but it is usable and is leaps and bounds better than nothing at all, which is what users will do if you make 2FA hard to set up.

A little beyond me why it's considered more secure. Just what I read a while ago.

I just want cleaner integration for the user. Don't care about messing with it.