by rasur 993 days ago
I also live in Switzerland, and it is perfectly possible to survive 48 hours or so here without needing one, unless of course every single transaction you engage in requires 2FA, which.. here, you generally do not.

I mean, I feel for the guy moving to a new country - been there, done that - but, with respect, he's hyperventilating just a little bit.

3 comments

This is one of the various reasons why I dislike the encroaching mandatory 2FA.

Mind you, I have no plans of spending days without a smartphone, and maybe I'll never want to do that, but I don't like the way in which 2FA is making it outright impossible. It should be my own business whether I want a phone or not, and now it's becoming outright mandatory to interact with society (I can't even log into my workplace without 2FA). Another freedom that vanishes.

2FA doesn’t require a smart phone. It just requires a second form of authentication.

TOTP (the one time codes that are common methods of 2FA) don’t even need a smart phone. You can store them in most password managers, if you wanted to.

With regards to other forms of MFA, you can use email, SMS, hardware keys and I’ve seen some banks use a second password (which is dumb but probably no worse than email or SMS). Some sites just ask you for “memorable information”, which is also terrible in my opinion.

It just so happens that TOTP is the best second form of authentication because it is both secure and cheap.

If you don’t want to store those TOTP codes on your smart phone then you can store them in your password manager or buy another physical device just for 2FA. I wouldn’t normally advocate storing your 2FA codes with your passwords, but that’s still better than not having any second factor of authentication at all.

You can, if you really care about this, get dedicated hardware to store your TOTP tokens (for example [1]). There are also various open hardware projects (like [2]). Or you can just use an old smartphone without a SIM card, which probably doesn't "interact with society" any more than the website you're trying to log on to in the first place.

[1]: https://www.token2.com/shop/product/molto-2-v2-multi-profile...

[2]: https://hackaday.io/project/176959-open-authenticator

An off-topic - since you mentioned hardware. It is better to invest in phishing-resistant FIDO2 devices and try to avoid OTP wherever possible.

You could only have that if your bank account being emptied by someone knowing your password is your problem, not the bank's problem, or employees forgoing 2FA carried the liability for their passwords leaking.

If the bank has to be partially responsible for your access credentials and your workplace is going to get in trouble from you reusing a password, of course they are not going to let you have much freedom here.

I don't buy that argument, to be honest.

Firstly, before online banking existed fraud was quite common, and this didn't make banks unsustainable. And indeed, one of the key points that made people trust credit cards was that the bank had your back if someone emptied your account somehow. I once had fraudulent charges from a country thousands of kilometers away, on a card that I hadn't even used (so there was no chance it could be my fault). I just flagged them as fraudulent and the bank returned the money a few days later, no questions asked.

Secondly, even if you are a security expert with great password practices, do you really want your banking security to be considered just your problem? What if one day your account is hacked through no fault of your own, because of some breach/hack of the bank's systems, and the bank denies it, giving you full responsibility? I think it's extremely dangerous to give banks the option to do that. Fraud should always be the bank's problem by default, unless they can prove that the user was negligent.

Thirdly, even if we accept the assumption that 2FA is needed for security, there are more ways to do 2FA that don't involve a smartphone - for example with a physical device, or with a coordinate card. The fact that most 2FA (at least where I live) is mobile-only, and even banks that used to offer other choices are now moving to mobile-only, is evidence that there is a motivation beyond security, they want to make smartphones mandatory.

I have an old iPhone SE (2016) in the drawer at home, with a backup Google Authenticator and passwords backed up by iCloud. It doesn't need a separate phone plan, or even any other network connection to function as a backup 2FA/password manager. Network (wifi) access is useful to keep the password data synced (which I scheduled for myself to check manually once a month).

Yeah he is definitely overdramatising.

1. paying the bills is something you do once every month for people not having set up direct payment. Sure most banks want 2FA nowadays but you could live without a phone daily and only use one (or a tablet, a VM or an emulator) once a month (without SIM and plan). Or go to the actual bank once a month. People used to go to the post office once a month to pay the bills in Switzerland. I am pretty sure a lot of people still do it that way.

2. access to maps. Do what any tourist has done for decades. Go to the tourism office and grab a free map. If you want more details, buy or print an actual detailed map + the public transport system map. Done.

3. I have been a foreigner and have learnt languages just by living in a place. It is by interacting with the people that you start learning better and feel part of the community and culture. Asking for directions is part of it. Sure Swiss people may not be on average the warmest people but you will always find people willing to help.

Obviously

Your phone broke down, sorry, but you deal with it. You can even get a cheap Android anywhere and a cheap prepaid plan if you can't afford a new iPhone.

Yes I can understand, having to confirm transactions on a phone lacks a proper fallback plan most of the time.

As with people that think their phone is a substitute for their car keys, especially when going to the countryside with 12% battery, you don't get a lot of sympathy from me.