by unethical_ban
1341 days ago
TLDR - "It's an extra feature". Solution: Backup/recovery tokens (never require phone/OOB recovery by default). Use email as a fallback 2FA if the service isn't critical. For internal services/services at a business org, put in workflows for getting manager voice auth/phone call/etc. for more secure and trusted recovery validation. Anyway, the point is for simple TOTP, it's a lot of security improvement for relatively minimal, one time work.
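The comment above argues that plain TOTP plus single-use backup codes is a small amount of one-time work. The following is an added, self-contained illustration of that pairing, written for this page and not code posted by the commenter: an RFC 6238 TOTP check (HMAC-SHA1, 30-second step, one step of clock skew tolerated) alongside backup codes that are generated once, stored only as hashes, and invalidated on first use. The `AccountSecondFactor` class, the 10-code default, and the 5-byte code length are assumptions chosen for the example; the test secret `12345678901234567890` is the RFC 6238 test-vector key.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import List, Optional, Set

STEP_SECONDS = 30


def totp(secret: bytes, for_time: Optional[float] = None, step: int = STEP_SECONDS,
         digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 (the flavour most authenticator apps use)."""
    now = time.time() if for_time is None else for_time
    counter = int(now // step)
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, submitted: str, for_time: Optional[float] = None,
                window: int = 1) -> bool:
    """Accept the current code or one within +/- `window` steps to absorb clock skew.
    Uses a constant-time compare so the check does not leak digit positions."""
    now = time.time() if for_time is None else for_time
    for skew in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, now + skew * STEP_SECONDS), submitted):
            return True
    return False


def _hash_backup_code(code: str) -> str:
    # Backup codes are normalised (case/whitespace) before hashing so users can
    # type them however they were printed.
    return hashlib.sha256(code.strip().lower().encode()).hexdigest()


class AccountSecondFactor:
    """Per-account 2FA state: a TOTP seed plus a set of hashed, single-use backup codes.
    Plaintext backup codes are returned exactly once, at generation time."""

    def __init__(self, totp_secret: Optional[bytes] = None) -> None:
        self.totp_secret = totp_secret or secrets.token_bytes(20)   # 160-bit seed
        self.backup_hashes: Set[str] = set()

    def provisioning_secret(self) -> str:
        # Base32 form is what authenticator apps expect when enrolling manually.
        return base64.b32encode(self.totp_secret).decode().rstrip("=")

    def generate_backup_codes(self, count: int = 10) -> List[str]:
        """Create a fresh batch (replacing any old one) and hand back the plaintext once."""
        codes = [secrets.token_hex(5) for _ in range(count)]   # 40 bits of entropy each
        self.backup_hashes = {_hash_backup_code(c) for c in codes}
        return codes

    def redeem_backup_code(self, submitted: str) -> bool:
        """Consume a backup code: valid exactly once, then gone."""
        h = _hash_backup_code(submitted)
        if h in self.backup_hashes:
            self.backup_hashes.remove(h)
            return True
        return False

    def remaining_backup_codes(self) -> int:
        return len(self.backup_hashes)

    def verify_second_factor(self, submitted: str, for_time: Optional[float] = None) -> bool:
        """Accept either a live TOTP code or an unused backup code."""
        if verify_totp(self.totp_secret, submitted, for_time=for_time):
            return True
        return self.redeem_backup_code(submitted)


if __name__ == "__main__":
    acct = AccountSecondFactor()
    printed_codes = acct.generate_backup_codes()
    print("enrol with secret:", acct.provisioning_secret())
    print("backup codes (show once):", printed_codes)
    print("live TOTP accepted:", acct.verify_second_factor(totp(acct.totp_secret)))
    print("backup code first use:", acct.verify_second_factor(printed_codes[0]))
    print("backup code reuse:", acct.verify_second_factor(printed_codes[0]))
```

The design point matching the comment: recovery never depends on a phone number or an out-of-band channel; the user holds the backup codes, the server holds only hashes, and a code that has been used cannot be replayed. Prompting the user to regenerate when `remaining_backup_codes()` runs low is the remaining operational detail.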