[bvrmn]

SSO sucks nothing in compare with TOTP-incompatible "please scan QR" mobile auth. With uniq app per service.

[politelemon]

Sendgrid does something similar. You can't use TOTP, you have use Authy specifically for their special 7 digit code. It's infuriating and they don't care.

[tomjen3]

Yeah, I don't know how many services say "please enable TFA" and then don't support my yubikey.

AWS takes the cake - you can enable a youbikey, or other TFA, but only one. So I get locked out if my device ever dies.