by mduggles 1095 days ago
I’m not doing them wrong. They’re a user hostile design. The point of TOTP was just to say “here is an actually good password and a time element to it”. But expecting every user on the planet to carry their TOTP app around was wrong so immediately everyone put it in their password manager and it stopped being a check of whether I had the device.

Then the most common TOTP app, Google Auth, didn’t backup your codes so that was pointless and user hostile. They fixed it but I mean damage done I guess.

I’m not gonna buy a hardware security key and carry it around for casual usage. I absolutely will never ever do that. For work I will because I need to get paid, but for every login? Give me a break. Once again security cannot destroy the user experience.

Here’s the actual right answer. Switch to passkeys and give up on all this poorly thought out junk.

I mean you still benefit from TOTP if it's in your password manager. That still means that if your password is stolen, they can't get in without you being on an authorized device.