by danwee 1362 days ago
Not only that. Many banks and government services nowadays require a phone (and/or phone number) as well. Their excuse? MFA. So idiotic. I can understand that they want to improve auth for the vast majority of their customers, but don't make it mandatory FFS!

Too many people, even here, praise MFA when they reveal how weak their passwords are.

I've never had an auto-generated password get broken into. Password databases should've been the solution everyone pushed, not 2FA.

Also, it's really an attempt for these services to cut down on fakes and bots. It's easy to make new emails, but hard to get new numbers that aren't already black/brown listed.

What do you think is wrong with 2FA?

As a user, it's not fast, user-friendly, or fail-tolerant. And all three of those vary heavily depending on the company implementing the 2FA.

A username/email and password is pretty simple and straightforward. If I lose a password, I can reset it via my email. Therefore, the only account that should even consider MFA should be my email, since it's a gateway to everything else. But that also means my email shouldn't have to be connected to 20 other services.

2FA is fine. Being forced to use a mobile phone for 2FA is wrong.