[envy2]

> You don't know if the place you are storing it is doing so in plain text, storing a decryption key right next to it, etc.

Any service that is storing passwords in plain text is probably not implementing 2FA in an safe way, either.

[LocalPCGuy]

That really isn't an argument against my point, that it's very hard to verify what is happening once you click submit with your password.

[TedDoesntTalk]

Password-only authentication still has its uses. I don’t want to use 2FA when I’m logging into a website I’ll use once and never again and does not have any private info about me, maybe to post a comment for example. Or try a service they are demoing.

[LocalPCGuy]

Those are totally valid use cases. In no way was I saying everything had to offer 2FA. Just pointing out that it is not just for those that don't know how to craft strong passwords or those that practice poor security hygiene, that it is a useful option to have when security is important.

[Vladimof]

Im glad news.yc and reddit don't require email to sign up...