by tpoacher 1565 days ago
What pisses me off (and prevents me from using my own version of the system effectively proposed in the article) is companies that send you both actionable and a boatload of spammy emails via the same email address.

Github "confirmatory 2fa" is an example. If I could, I'd turn it off, but there's no option for that (There's only an option to turn it "fully" on. hah!).

I had been redirecting github emails to my preferred folders, but then when the 2fa email came up, I had to spend 5 minutes tracking it down, because only the inbox sends notifications on my phone. So I reluctantly removed the rules, and now it litters my inbox by design.

I hate 2fa with a passion.

9 comments

Same with phone notifications.

You enable notifications from Uber/UberEats/whatever because it's useful to get notifications like "the driver is on the way", "the driver is here". But then they also send you spam notifications.

And at least on iPhone, I don't know of a fast way to toggle notifications for a given app. Endless-scrolling the list of all apps in the notifications config menu is annoying enough to where I never bother.

My carrier (Telcel MX) does this too. They send important messages about my subscription on the same channel they spam me with offers. They even send me warnings about phishing attacks from fake Telcel ads. Well, maybe people wouldn't be so susceptible to it if you didn't train them to get used to ad spam.

Next time you get a notification from a sender you want to silence, swipe left on the notification, then tap “manage notifications”. That should take you straight to the notification settings for the specific app.
That still doesn't address the problem - on iOS, notifications are "all or nothing" for any given app.
Yes, unfortunately there is only so much you can do.
> on iPhone, I don't know of a fast way to toggle notifications for a given app.

In the notification screen, drag the notification left and hit "Options". It'll give you options to mute, turn off, or fine-tune the settings.

You can turn those off for UberEats FYI. In the privacy settings.
An Australian bank I used has used their 2FA phone number to send me marketing messages about loans. I was absolutely furious about it. 2FA numbers should not be used for your marketing team’s sleazy trash.
I have the same general opinion around "categories of email noise from a company", but I find Github is possibly the best one I know of. It's not perfect. Jira is an example of a bad one (while also having a high volume of email if you set it up for such).

Specifically, for any who haven't noticed, there are several additional email addresses in most emails you'll receive if you're watching Github Repos, and you can filter on these:

https://docs.github.com/en/account-and-profile/managing-subs...

So I have a series of filters for several of those emails, like "If 'mentions' in CC'd put in important folder", plus some filters for "If '[reponame]' in title, put in dedicated folder". And then all other github emails go to some other folder, and never my inbox. (That all said, I may be completely misunderstanding you; as I don't think I deal with "confirmatory 2fa" emails.)

There are also quite some headers GitHub sets which often can be used for filters. E.g. instead of checking for `[reponame]` in the title, you can check the `List-ID` to filter for a specific repo.
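The header-based filtering described in the two comments above, as an added example that is not part of the original thread: a small router that keys on the `Cc` reason address and the `List-ID` header instead of the subject line. The repository `example-org/widgets`, the folder names and the sample messages are constructed, and the rule assumes GitHub account mail (such as the verification emails the original poster describes) carries no `List-ID`.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Reason addresses GitHub adds to Cc on notification mail (subset).
IMPORTANT_CC = {"mention@noreply.github.com", "security_alert@noreply.github.com"}
# Hypothetical watched repositories mapped to folders, keyed by List-ID value.
REPO_FOLDERS = {"widgets.example-org.github.com": "GitHub/widgets"}

def list_id(msg):
    """Bare identifier from 'List-ID: owner/repo <repo.owner.github.com>', or None."""
    m = re.search(r"<([^<>]+)>\s*$", msg.get("List-ID", ""))
    return m.group(1).strip().lower() if m else None

def route(raw_message):
    """Return the folder a message should be filed in."""
    msg = message_from_string(raw_message)
    # From is spoofable: a real rule should also require the mail
    # provider's DKIM/DMARC pass before trusting this domain check.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender.endswith("@github.com"):
        return "unchanged"
    lid = list_id(msg)
    if lid is None:
        return "INBOX"  # assumed account mail: keep it where the phone alerts
    cc = {addr.lower() for _, addr in getaddresses(msg.get_all("Cc", []))}
    if cc & IMPORTANT_CC:
        return "Important"
    return REPO_FOLDERS.get(lid, "GitHub/other")

# Constructed sample messages (not captured from real mail).
_LIST = "List-ID: example-org/widgets <widgets.example-org.github.com>\n"
SAMPLES = {
    "mention": "From: Alice <notifications@github.com>\n"
               "Cc: Mention <mention@noreply.github.com>\n" + _LIST +
               "Subject: [example-org/widgets] Fix parser (#12)\n\nbody\n",
    "watched": "From: Bob <notifications@github.com>\n"
               "Cc: Subscribed <subscribed@noreply.github.com>\n" + _LIST +
               "Subject: [example-org/widgets] Bump deps (#13)\n\nbody\n",
    "account": "From: GitHub <noreply@github.com>\n"
               "Subject: [GitHub] Please verify your device\n\nbody\n",
    "foreign": "From: Shop <news@shop.example>\nSubject: Offers\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", route(raw))
```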
Rules are the answer. I don't agree with the idea of using separate email addresses for this reason. Instead, let it go to your main one and filter by sender & subject.
I agree but I also have one trashemail-address for all the give-email-to-get-something buttons and every 'serious' subscription-account gets a dedicated forward only email so I can replace them without worrying about which accounts are affected.
Use an Authenticator app (TOTP) as you ought to be doing anyway, and the email 2FA disappears.
Until you switch devices and then you lose access to your account or spend a morning wading through Authenticator transfer hell for each account. I learned that lesson last time I switched phones and now everything lives in my password manager + sms 2fa
There’s a middle ground with an out-of-band shared decrypt. Authy has the most user friendly TOTP sync that lives on device, but there are other more open source ways to have your cake and eat it too in this regard.
Or OTP Auth in the App Store, uses iCloud sync. I've been using that one happily for years now.

https://apps.apple.com/de/app/otp-auth/id659877384?l=en

> lose access to your account

When you set up the device and GitHub showed you a handful of codes and said "don't lose these they're important" you kept them, right?

> Authenticator transfer hell

I've switched my primary TOTP device twice in the past few months and I have no idea what you're talking about.

Paid bitwarden has a cloud based totp that I've been using for this reason. Works perfectly.
There are multiple better solutions to that:

- Use a 2FA app with sync like Authy (even Google Authenticator has basic backup/export support nowadays, but it's still far too easy to lose your codes with it)

- Use a password manager with 2FA support like KeePassXC/1Password/Bitwarden

- Use a YubiKey (ideally have two in case you lose it)

The built-in iOS keychain will let you save your MFA tokens as well, and this can sync between devices. Or, you can use Raivo, and back up the tokens either manually or in iCloud.
If you switch phones often, a Yubikey might be better 2FA (it's definitely safer).
Authenticator added single-code transfer of everything now.
Meanwhile Amazon still sends me an email and a text message every time I log in to a new device on an account with TOTP 2FA enabled. At least those don't require any action from me, but it's still annoying.
Why don't you just filter those 2fa emails on the subject instead of sender, so they end up in your inbox?
Report them as spam. Eventually, GitHub email will be blocked, and they will need to get their act together.

https://glockapps.com/isp-feedback-loops/#:~:text=ISP%20Feed....

Do they provide distinct titles? Could filter based on that on top of domain.
I think if you set up TOTP the emails will stop.